Welcome Guest, Not a member yet? Register   Sign In
CSRF vuejs-axios not working

After hours of of research I came up with the idea to check the security class.

Somehow the json post data from axios, or Superagent, or $http.post from my Vuejs file returns an empty ARRAY.

So the checkup for the CSRF token is always false because there is no data!
Therefore, if the $_POST is empty I check if there is any raw post input data and decode it

By extending the Security core class, adding MY_Security.php to application/core
PHP Code:
class MY_Security extends CI_Security{

public function 
class MY_Security extends CI_Security{

public function 

Copied the csrf_verify function from the original

PHP Code:
//if the $_POST array is empty, check for $raw_input_stream / php://input
$_POST json_decode(file_get_contents("php://input"), true);
// Check CSRF token validity, but don't error on mismatch just yet - we'll want to regenerate
$valid = isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name])
hash_equals($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]); 

Is there a better approach for this problem?

Messages In This Thread
CSRF vuejs-axios not working - by ponzo - 10-11-2017, 08:34 AM
RE: CSRF vuejs-axios not working - by ponzo - 10-12-2017, 02:50 AM
RE: CSRF vuejs-axios not working - by Paradinight - 10-12-2017, 08:04 PM
RE: CSRF vuejs-axios not working - by bartMommens - 10-22-2019, 02:25 PM

Theme © iAndrew 2016 - Forum software by © MyBB