CSRF configuration |
Hi everybody...
im trying to configure csrf protection just for a couple of pages in my app using this code (config/filters.php): public $globals = [ 'before' => [ 'csrf' => [ "/", ["except" => ["!*"]] ], 'auth' => ['except' => ['/', '/validateLogin']] ], 'after' => [ //... ], ]; what i want is that just 2 pages implement this protection but not all the rest which are a lot, and the code above tries to protect the complete app, how can i configure this? Thanks in advance Quote:There are times where you want to apply a filter to almost every request, but have a few that should be left alone. One common example is if you need to exclude a few URI’s from the CSRF protection filter to allow requests from third-party websites to hit one or two specific URI’s, while keeping the rest of them protected. To do this, add an array with the except key and a URI path (relative to BaseURL) to match as the value alongside the alias:
Specify filter(s) in routes.
See https://codeigniter4.github.io/CodeIgnit...ng-filters |
Welcome Guest, Not a member yet? Register Sign In |