Welcome Guest, Not a member yet? Register   Sign In
CSRF only in one page
#1

Hi

What's the best approach to use CSRF only in one page without using the Filter?

I need to remove all cookies for cache propose.

Thanks
Reply
#2

(09-08-2021, 07:56 PM)nneves Wrote: Hi

What's the best approach to use CSRF only in one page without using the Filter?

I need to remove all cookies for cache propose.

Thanks

You can add csrf fields in the view of that page  and then in the controller check it manually.
But filters is convenient. If you want csrf just in one page you can use filters array inside app/config/filters.php config file. 
PHP Code:
'csrf' => ['before' => ['myspecialpage/index']] 

So this will apply only in one page.
Reply
#3

(This post was last modified: 09-09-2021, 02:11 AM by nneves.)

(09-08-2021, 09:46 PM)manager Wrote:
(09-08-2021, 07:56 PM)nneves Wrote: Hi

What's the best approach to use CSRF only in one page without using the Filter?

I need to remove all cookies for cache propose.

Thanks

You can add csrf fields in the view of that page  and then in the controller check it manually.
But filters is convenient. If you want csrf just in one page you can use filters array inside app/config/filters.php config file. 
PHP Code:
'csrf' => ['before' => ['myspecialpage/index']] 

So this will apply only in one page.

Hi

Doing this way I have the csrf_cookie in all pages and that's somenthing I need to avoid.

I can get the field value from $this->request->getGetPost(csrf_token()) but how do I get the hash?
I have security.regenerate = false but when I receive the post data, csrf_hash() has a new value!

Thanks
Reply
#4

Try this code:
PHP Code:
$security = \Config\Services::security();
$result $security->verify($this->request); 


If $result is false,  csrf not passed.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB