How to disable CSRF temporarily for callback controllers?
#21

[eluser]Emelian[/eluser]
Hello!

Please show me how to disable CSRF protection when authorization is on a different server, with the uLogin authentication module for CodeIgniter: http://ulogin.ru/constructor.html

You need to load two libraries, as follows:
$this->load->library('ulogin');
$this->load->library('uauth');
Output on the page:
echo $this->ulogin->get_html();

Where and what should be set to avoid this error:
"The action you have requested is not allowed."

If I understand correctly, the error is caused by an invalid token being passed to the authentication result.
Please help solve the problem.

With respect.
#22

[eluser]Unknown[/eluser]
When I checked the logs, I saw these errors:

Quote: Cannot access protected property CI_Security::$_xss_hash in ..

So I changed some access modifiers in the Security file.


System\core\Security.php

Find the lines below:

Code:
protected $_csrf_hash;

protected $_csrf_token_name

Change protected to public, like this:

Code:
public $_csrf_hash;

public $_csrf_token_name
#23

[eluser]Emelian[/eluser]
[quote author="efesaid" date="1361473345"]When I checked the logs, I saw these errors:

Quote: Cannot access protected property CI_Security::$_xss_hash in ..

So I changed some access modifiers in the Security file.


System\core\Security.php

Find the lines below:

Code:
protected $_csrf_hash;

protected $_csrf_token_name

Change protected to public, like this:

Code:
public $_csrf_hash;

public $_csrf_token_name
[/quote]

efesaid, is this the answer to my question?
#24

[eluser]Unknown[/eluser]
[quote author="jpwdesigns" date="1303427498"]Ok, here is the solution (hack) i've got working for anyone else needing it:


Code:
if (isset($_SERVER["REQUEST_URI"]))
{
    if(stripos($_SERVER["REQUEST_URI"],'/mypage') === FALSE)
    {
        $config['csrf_protection'] = TRUE;
    }
    else
    {
        $config['csrf_protection'] = FALSE;
    }
}
else
{
    $config['csrf_protection'] = TRUE;
}
[/quote]

I know this is quoting an old post, but I wanted to share my compressed ternary version of the above code:

Code:
$config['csrf_protection'] = (isset($_SERVER["REQUEST_URI"]))
? (stripos($_SERVER["REQUEST_URI"],'/mypage') === false)
: true;
#25

[eluser]Unknown[/eluser]
Took me a while, and none of the solutions in here worked.

But, I found a solution!

To anyone using html5boilerplate to generate .htaccess, do this:

Lines 346 to 350 are enabled by default in the .htaccess by html5boilerplate. You have to comment them out to get rid of the error:

Code:
# <IfModule mod_rewrite.c>
#    RewriteCond %{SCRIPT_FILENAME} -d [OR]
#    RewriteCond %{SCRIPT_FILENAME} -f
#    RewriteRule "(^|/)\." - [F]
# </IfModule>

Fixed it for me :-).
#26

[eluser]jonez[/eluser]
Another alternative using hooks. CSRF is disabled by default; use URL checks to enable it for specific paths.

config/hooks.php
Code:
$hook['pre_system'][] = array(
    'function' => 'check_csrf',
    'filename' => 'csrf.php',
    'filepath' => 'hooks',
);

hooks/csrf.php
Code:
function check_csrf( ) {
    $segments = explode( '/', trim( parse_url( $_SERVER[ 'REQUEST_URI' ], PHP_URL_PATH ), '/' ) );

    if ( ... ) {
        $config =& load_class( 'Config', 'core' );
        $config->set_item( 'csrf_protection', true );
    }
}
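
An added example, not code from any poster in this thread: the `stripos()` checks quoted in #24 match `/mypage` anywhere in `REQUEST_URI`, query string included, so protection also switches off for unrelated URLs that merely contain that text. The sketch below keeps CSRF on by default and exempts only an exact path, using the `parse_url(..., PHP_URL_PATH)` call from #26. The function names, the exempt list and the sample URIs are constructed for illustration, and it assumes exempt paths are written exactly as they appear in `REQUEST_URI`.

```php
<?php
// Added example (hypothetical helper names). Sample URIs are constructed.

/**
 * Decide whether CSRF protection stays on for this request.
 * Protection is the default; only an exact path match turns it off.
 */
function csrf_required($request_uri, array $exempt_paths)
{
    // parse_url() yields false/null on malformed or path-less input: fail closed.
    $path = is_string($request_uri) ? parse_url($request_uri, PHP_URL_PATH) : null;
    if (!is_string($path)) {
        return true;
    }
    // Compare the path only (no query string), ignoring a trailing slash.
    $path = '/' . trim($path, '/');
    return !in_array($path, $exempt_paths, true);
}

// The substring test from the posts above, kept for comparison.
function csrf_required_substring($request_uri, $needle)
{
    return stripos($request_uri, $needle) === false;
}

$exempt  = array('/mypage');
$samples = array(
    '/mypage',                      // the callback itself
    '/mypage/?status=ok',           // callback with a query string
    '/account/update?next=/mypage', // unrelated page, text only in the query
    '/mypage-admin',                // different path sharing a prefix
);

foreach ($samples as $uri) {
    printf(
        "%-32s exact: %-3s  substring: %s\n",
        $uri,
        csrf_required($uri, $exempt) ? 'on' : 'off',
        csrf_required_substring($uri, '/mypage') ? 'on' : 'off'
    );
}
```

In `config.php` the result of `csrf_required()` can be assigned to `$config['csrf_protection']`, with the `isset($_SERVER['REQUEST_URI'])` guard from #24 kept so that a missing URI leaves protection on.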



