Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help CSRF configuration
CSRF configuration
  • Offline __peter
    Newbie
  • *
  • Posts: 1
    Threads: 1
    Joined: Sep 2023
    Reputation: 0
#1
09-07-2023, 09:55 AM

Hi everybody... 
im trying to configure csrf protection just for a couple of pages in my app using this code (config/filters.php):

public $globals = [
        'before' => [
            'csrf' => [
                "/", ["except" => ["!*"]]
            ],
            'auth' => ['except' => ['/', '/validateLogin']]
        ],
        'after' => [
            //...
        ],
    ];

what i want is that just 2 pages implement this protection but not all the rest which are a lot, and the code above tries to protect the complete app, how can i configure this?
Thanks in advance
Reply
  • Offline kenjis
    Administrator
  • *******
  • Posts: 3,312
    Threads: 90
    Joined: Oct 2014
    Reputation: 207
#2
09-07-2023, 05:11 PM

Quote:There are times where you want to apply a filter to almost every request, but have a few that should be left alone. One common example is if you need to exclude a few URI’s from the CSRF protection filter to allow requests from third-party websites to hit one or two specific URI’s, while keeping the rest of them protected. To do this, add an array with the except key and a URI path (relative to BaseURL) to match as the value alongside the alias:
https://codeigniter4.github.io/CodeIgnit...a-few-uris
ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper
Reply
  • Offline kenjis
    Administrator
  • *******
  • Posts: 3,312
    Threads: 90
    Joined: Oct 2014
    Reputation: 207
#3
09-07-2023, 05:12 PM

Specify filter(s) in routes.
See https://codeigniter4.github.io/CodeIgnit...ng-filters
ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper
Reply




Theme © iAndrew 2016 - Forum software by © MyBB