Server config causing CSRF triggers
#15

OK, I finally found the source of the incompatibility with CodeIgniter's CSRF. In php.ini if
Code:
suhosin.cookie.encrypt = On
is found then it causes CSRF in CI to kick back a 403 on ajax requests and probably others, but I noticed it on the ajax calls. There are two solutions.

Unsafe
Comment out
Code:
suhosin.cookie.encrypt = On
in php.ini

Safe
Create the line
Code:
suhosin.cookie.plainlist = [insert csrf cookie name from config.php]
in php.ini with no quotes around the cookie name. Any other cookies should be separated by a comma.
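A check for the condition described in the post above, as an added example that is not part of the original post or of CodeIgniter: it reads php.ini and config.php text and reports whether the CSRF cookie falls under Suhosin cookie encryption. It considers only the two directives named in the post; the function names, status strings and sample file contents are constructed for illustration.

```python
import re

def parse_ini(text):
    """Return {directive: value} for php.ini text; ';' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings

def csrf_cookie_name(config_php):
    """Extract $config['csrf_cookie_name'] from CodeIgniter config.php text."""
    m = re.search(
        r"""\$config\[['"]csrf_cookie_name['"]\]\s*=\s*['"]([^'"]+)['"]""",
        config_php)
    return m.group(1) if m else None

def check(php_ini, config_php):
    """Classify the setup (status strings are this example's own)."""
    ini = parse_ini(php_ini)
    name = csrf_cookie_name(config_php)
    if name is None:
        return "no-csrf-cookie-name"
    encrypt = ini.get("suhosin.cookie.encrypt", "off").lower()
    if encrypt not in ("on", "1", "true", "yes"):
        return "encryption-off"         # the "Unsafe" workaround: nothing encrypted
    plain = {c.strip()
             for c in ini.get("suhosin.cookie.plainlist", "").split(",")
             if c.strip()}
    if name in plain:
        return "ok"                     # the "Safe" fix: only the CSRF cookie exempt
    return "csrf-cookie-encrypted"      # the state the post ties to the 403s

# Constructed sample inputs, not taken from a real server.
CONFIG_PHP = "$config['csrf_cookie_name'] = 'csrf_cookie_name';\n"
BROKEN = "suhosin.cookie.encrypt = On\n"
UNSAFE = ";suhosin.cookie.encrypt = On\n"
SAFE = ("suhosin.cookie.encrypt = On\n"
        "suhosin.cookie.plainlist = csrf_cookie_name, other_cookie\n")

if __name__ == "__main__":
    for label, ini_text in (("broken", BROKEN), ("unsafe", UNSAFE), ("safe", SAFE)):
        print(label, "->", check(ini_text, CONFIG_PHP))
```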


Messages In This Thread
SOLUTION - by objecttothis - 09-07-2017, 04:16 AM


