• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
$config['csrf_exclude_uris'] seems to be ignored

#1
I'm trying to exclude a certain controller/method from CSRF checks, but the $config['csrf_exclude_uris'] setting seems to be ignored.

I'm posting information from a mobile app, but I keep getting an HTTP 403 response unless I completely disable CSRF protection.

Ideally I'd like to exclude all methods of the 'Mobile' controller, but even specifying a particular method doesn't work. I'm using: $config['csrf_exclude_uris'] = array('mobile/login');

Any idea what I may be doing wrong here?
Reply

#2
I had the same thing. Solved it by:

$config['csrf_exclude_uris'] = array(
"log.*+"
);

Disables CRSF for every URL starting with: log ex: "http://site.com/log/message/1"
Reply

#3
(09-08-2016, 01:10 AM)digitalhuman Wrote: I had the same thing. Solved it by:

$config['csrf_exclude_uris'] = array(
   "log.*+"
);

Disables CRSF for every URL starting with: log     ex: "http://site.com/log/message/1"

My hero !  Cool
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.