I'm having trouble understanding this CSRF issue.
Whenever a user visits my websites through a link he/she clicked on, for example on Facebook, my CSRF check will fail.
So I posted a link on Facebook so people could register on my site, but the CSRF prevents this.
The link I posted:
example.com/register
The controller when the user submits the form:
example.com/member/register
As you can see, I whitelisted the URI for now, but I'd like to undo this.
Code:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'rfhm';
$config['csrf_cookie_name'] = 'rfhmc';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array('member/register');
How I open the form:
Code:
<?php echo form_open('member/register'); ?>
What am I missing?
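
Added example, not part of the original post and not CodeIgniter's own code: a simplified model of a double-submit cookie check using the token and cookie names from the config above, showing which requests pass, fail, or skip the check once member/register is excluded. The function csrf_check(), the member/login URI, the exact-match URI comparison and the sample requests are assumptions made for illustration.

```php
<?php
// Simplified model of a double-submit cookie CSRF check (added example).
// csrf_check() is a hypothetical helper, not a framework function.

$config = [
    'csrf_token_name'   => 'rfhm',                // hidden form field name (from the post)
    'csrf_cookie_name'  => 'rfhmc',               // cookie name (from the post)
    'csrf_exclude_uris' => ['member/register'],   // whitelist (from the post)
];

/** Returns 'skipped', 'pass' or 'fail' for a single request. */
function csrf_check(array $config, string $method, string $uri, array $post, array $cookies): string
{
    // Only POST requests are verified in this model.
    if (strtoupper($method) !== 'POST') {
        return 'skipped';
    }
    // An excluded URI is never verified: any site can submit this form.
    // Assumption: exact string match is used here for simplicity.
    if (in_array($uri, $config['csrf_exclude_uris'], true)) {
        return 'skipped';
    }
    $field  = $post[$config['csrf_token_name']] ?? null;
    $cookie = $cookies[$config['csrf_cookie_name']] ?? null;
    // Both halves must be present; a browser that did not send the
    // cookie back fails here even if the form field is correct.
    if (!is_string($field) || !is_string($cookie)) {
        return 'fail';
    }
    // Constant-time comparison of form field and cookie value.
    return hash_equals($cookie, $field) ? 'pass' : 'fail';
}

$token = bin2hex(random_bytes(16)); // constructed sample token
$old   = bin2hex(random_bytes(16)); // constructed token from an earlier page load

// Constructed sample requests: [method, uri, POST data, cookies]
$cases = [
    'field and cookie match'        => ['POST', 'member/login',    ['rfhm' => $token], ['rfhmc' => $token]],
    'cookie not sent back'          => ['POST', 'member/login',    ['rfhm' => $token], []],
    'field older than cookie'       => ['POST', 'member/login',    ['rfhm' => $old],   ['rfhmc' => $token]],
    'excluded URI, no token at all' => ['POST', 'member/register', [],                 []],
];

foreach ($cases as $label => [$method, $uri, $post, $cookies]) {
    printf("%-31s %s\n", $label, csrf_check($config, $method, $uri, $post, $cookies));
}
```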