I have faced a problem with CSRF on real hosting, not on the local server. In order to allow multiple tabs in CodeIgniter, CSRF has to be disabled:
Code:
$config['csrf_regenerate'] = FALSE;
Yes, that problem is fixed, but another problem remains, and it is strange. Look at the code below:
Code:
<?php echo form_open(); ?>
    <small class="language-switcher" title="<?php echo ($this->session->userdata('camfone_lang') == 'en')? 'change to khmer' : 'change to english';?>">
        <?php
        echo ($this->session->userdata('camfone_lang') == 'en')
            ? '<button type="submit" name="kh_lang">ខ្មែរ</button>'
            : '<button type="submit" name="en_lang">English</button>';
        ?>
        <span>|</span>
        <i class="fa fa-globe fa-lg" aria-hidden="true"></i>
    </small>
<?php echo form_close(); ?>
The form posts to itself, like domain-name.com. When I click the language change, it gives a 403 error.
In order to fix this strange error, I have to extend the Security class in the core folder:
Code:
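<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Security extends CI_Security {

    public function __construct()
    {
        parent::__construct();
    }

    // Called by CI_Security when the submitted CSRF token does not match the cookie
    public function csrf_show_error()
    {
        // show_error('The action you have requested is not allowed.'); // default code
        // force redirect to the csrf_redirect function
        // this gives the user a useful message instructing them to login again
        // while the CSRF cookie is also refreshed to allow a new login
        // 303 See Other makes the browser re-request the page with GET;
        // a 200 status does not cause the Location header to be followed
        header('Location: ' . htmlspecialchars($_SERVER['REQUEST_URI']), TRUE, 303);
        // stop here so the rejected POST is not processed any further
        exit;
    }
}
?>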
My suggestion: is it possible to set the default for regenerate to FALSE,
and would it be good to apply the fix for this strange error, with a redirect to self in
csrf_show_error,
in the next CI 3.x patch?
Thanks in advance.
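
The multi-tab behaviour behind the csrf_regenerate setting at the top of the post, as an added example that is not part of the original post and not CodeIgniter's own code. It models a cookie-plus-hidden-field token check under both settings; the names CsrfModel and twoTabs are hypothetical.

```php
<?php
// Added illustration: a minimal model of a double-submit-cookie CSRF check.
// Not CodeIgniter's code; CsrfModel and twoTabs are hypothetical names.
final class CsrfModel
{
    private string $cookie;    // token currently held in the browser's cookie
    private bool $regenerate;  // models $config['csrf_regenerate']

    public function __construct(bool $regenerate)
    {
        $this->regenerate = $regenerate;
        $this->cookie = bin2hex(random_bytes(16));
    }

    // Rendering a form (GET) embeds the current token as a hidden field.
    public function renderForm(): string
    {
        return $this->cookie;
    }

    // Submitting a form (POST): compare hidden field with cookie, then
    // rotate the token when regeneration is enabled.
    public function submit(string $hiddenField): bool
    {
        $valid = hash_equals($this->cookie, $hiddenField);
        if ($this->regenerate) {
            $this->cookie = bin2hex(random_bytes(16));
        }
        return $valid;
    }
}

// Open the same form in two tabs, then submit tab A followed by tab B.
function twoTabs(bool $regenerate): array
{
    $site = new CsrfModel($regenerate);
    $tabA = $site->renderForm();
    $tabB = $site->renderForm();
    // Tab B's hidden field is stale if tab A's POST rotated the token.
    return ['A' => $site->submit($tabA), 'B' => $site->submit($tabB)];
}

foreach ([true, false] as $regenerate) {
    $r = twoTabs($regenerate);
    printf("csrf_regenerate=%s  tab A: %s  tab B: %s\n",
        $regenerate ? 'TRUE' : 'FALSE',
        $r['A'] ? 'accepted' : 'rejected',
        $r['B'] ? 'accepted' : 'rejected');
}
```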