Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support CSRF never fails
CSRF never fails
  • Offline Gary
    Member
  • ***
  • Posts: 185
    Threads: 35
    Joined: Oct 2019
    Reputation: 2
#1
Question  02-23-2022, 08:43 AM
(This post was last modified: 02-24-2022, 12:56 AM by Gary. Edit Reason: Finger trouble )

Is it just me, or is anyone else experiencing an issue with the CSRF Filter never failing?

Security.php's function verify(RequestInterface $request) has the following line, that for the life of me, I can't get to fail anymore!?

Code:
if (! isset($token, $this->hash) || ! hash_equals($this->hash, $token)) {
Reply
  • Offline kenjis
    Administrator
  • *******
  • Posts: 3,265
    Threads: 90
    Joined: Oct 2014
    Reputation: 205
#2
02-23-2022, 05:59 PM

How do you know the line is the cause?
ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper
Reply
  • Offline Gary
    Member
  • ***
  • Posts: 185
    Threads: 35
    Joined: Oct 2019
    Reputation: 2
#3
02-24-2022, 12:54 AM
(This post was last modified: 06-23-2022, 09:26 AM by Gary.)

Finger trouble, sorry, wrong line! I'll correct it to make the question more sensible, thanks Kenjis.

That being said, I wasn't implying the line was the cause... it is only the final "deciding" test... so the problem was somewhere in the setting/recovery of the variables in the comparison.

At any rate, although I didn't get to the bottom of it, I changed the code elsewhere to sidestep the problem... so the problem was likely just me.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB