How to disable CSRF temporaly for callback controllers ? |
[eluser]Emelian[/eluser]
Hello! Show you how to disable the protection CSRF, when authorization is on a different server with authentication module uLogin for Codeigniter http://ulogin.ru/constructor.html Needless to connect two libraries are as follows: $ this-> load-> library ('ulogin'); $ this-> load-> library ('uauth'); Output on the page: echo $ this-> ulogin-> get_html (); Where and what should be set to avoid any mistake?: "The action you have requested is not allowed." If I understand correctly, the error is caused by an invalid token is passed to the authentication result. Please help solve the problem. With respect.
[eluser]Unknown[/eluser]
when i checked logs , i saw these errors ; Quote: Cannot access protected property CI_Security::$_xss_hash in .. so i changed some access modifiers in security file System\core\Security.php find the lines below Code: protected $_csrf_hash; change protected to public like this Code: public $_csrf_hash;
[eluser]Emelian[/eluser]
[quote author="efesaid" date="1361473345"]when i checked logs , i saw these errors ; Quote: Cannot access protected property CI_Security::$_xss_hash in .. so i changed some access modifiers in security file System\core\Security.php find the lines below Code: protected $_csrf_hash; change protected to public like this Code: public $_csrf_hash; efesaid, this is the answer to my question?
[eluser]Unknown[/eluser]
[quote author="jpwdesigns" date="1303427498"]Ok, here is the solution (hack) i've got working for anyone else needing it: Code: if (isset($_SERVER["REQUEST_URI"])) I know this is quoting an old post, but I wanted to share my compressed ternary version of the above code: Code: $config['csrf_protection'] = (isset($_SERVER["REQUEST_URI"]))
[eluser]Unknown[/eluser]
Took me a while, and none of the solutions in here worked. But, I found a solution! To anyone using html5boilerplate to generate .htaccess, do this: Lines 346 to 350 are enabled by default in the .htaccess by html5boilerplate. You have to comment them out to get rid of the error: Code: # <IfModule mod_rewrite.c> Fixed it for me :-).
[eluser]jonez[/eluser]
Another alternative using hooks. CSRF is disabled by default, use URL checks to enable for specific paths. config/hooks.php Code: $hook['pre_system'][] = array( hooks/csrf.php Code: function check_csrf( ) { |
Welcome Guest, Not a member yet? Register Sign In |