Hi, I've been creative and created a 'dynamic' API (http:// … /<resource>/<optional id>) which works great.
My problem is that when I try to add resources by POSTing (or update using PUT), I get a 403 Forbidden. Now, according to the docs, I'm trying to enable CSRF in Filters and add whitelist URLs ... something like this:
Code:
// Global filters: run the CSRF filter before every request except the listed URI
public $globals = [
    'before' => [
        'csrf' => ['except' => ['api/record/save']],
    ],
];
Now, it defeats the whole point of having a 'dynamic' API if I have to manually add exceptions in filters afterwards.
Now, HOW would I make it possible to use PUT and POST in this case to avoid errors like the above?
NOTE: the application is "frontend" ONLY, I don't use CI for generating any type of visual output (forms etc.), so the csrf_methods are probably out of the question ... the user is validated by being logged in. So, only logged-in users can create and update stuff. But I basically need to remove URL exceptions from the loop.
Hmm, maybe disabling the CSRF completely will do?