CSRF Protection not being set |
Man, after hours of debugging I figured it out.
For anyone who runs into this issue in the future, here's what I went through. I use Cloudflare as a DNS provider which routes my url to an elastic load balancer in amazon. The connection the user has to my cloudflare dns has HTTPS encryption, but somehow the connection from cloudflare to my elb to my servers lost their HTTPS. So while the user was still transmitting all data via HTTPS, the codeigniter app still saw the request as non https. On line 267 of system/core/Security.php You'll see PHP Code: if ($secure_cookie && ! is_https()) Thus it was returning false and not setting my csrf cookie. Problem solved though! Thank you skunkbad for the input though, I wasn't even thinking of something 'outside' of the app since it's all hosted on amazon. +1 rep for you
Codeigniter is simply one of the tools you need to learn to be a successful developer. Always add more tools to your coding arsenal!
|
Messages In This Thread |
CSRF Protection not being set - by albertleao - 06-21-2017, 03:42 PM
RE: CSRF Protection not being set - by skunkbad - 06-21-2017, 03:59 PM
RE: CSRF Protection not being set - by albertleao - 06-21-2017, 08:20 PM
RE: CSRF Protection not being set - by albertleao - 06-21-2017, 08:49 PM
RE: CSRF Protection not being set - by skunkbad - 06-21-2017, 10:11 PM
|