CSRF and RESTful interface
#1

JonoB
I have a CI app with CSRF protection enabled. I would also like this app to have a REST interface, and for this I have used Phil Sturgeon's Rest Server (https://github.com/philsturgeon/codeigniter-restserver).

The problem, of course, is that CSRF validation fails for any REST calls. I think that the solution to this is to have CSRF enabled by default, and then to disable it if the service is being called via REST.

My first thought was to create a hook as follows:

Code:
function csrf_hook()
{
  $ci =& get_instance();
    
  if ($ci->uri->segment(1) == 'api') //api is the routing for all rest calls
  {
    $ci->config->set_item('csrf_protection', false);
  }
}

The problem is that if I use $hook['pre_controller'], then the URI class has not yet been enabled, so I am unable to determine if the call is a REST call or not. However, if I use $hook['post_controller_constructor'], then the security checks have already been run, and disabling CSRF is too late.

Any thoughts on how to get around this?
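
One way around the hook-timing problem described above, as an added example that is not part of the original post: decide from the raw request URI inside application/config/config.php, which is plain PHP evaluated before the security checks read `csrf_protection`. The helper name `csrf_exempt_route()` is hypothetical, and the code assumes the app lives at the web root, all REST routes start with `/api`, and the API authenticates each request with a key or token sent in a header rather than the browser session cookie (otherwise the exempted routes are left without CSRF protection).

```php
<?php
// Added example (not from the original post); meant for application/config/config.php.
// csrf_exempt_route() is a hypothetical helper name.
// Assumes the app lives at the web root and all REST routes start with /api.

// Guard against redeclaration in case the config file is included more than once.
if (!function_exists('csrf_exempt_route')) {
    /**
     * TRUE only when the first path segment of the raw request URI is exactly $prefix.
     * Uses plain string handling, so it works before CodeIgniter's URI class exists.
     * Anything unexpected returns FALSE, which leaves CSRF protection switched on.
     */
    function csrf_exempt_route($request_uri, $prefix = 'api')
    {
        if (!is_string($request_uri) || $request_uri === '' || $request_uri[0] !== '/') {
            return FALSE;
        }

        // Drop the query string; no URL-decoding, so "%61pi" never counts as "api".
        $parts = explode('?', $request_uri, 2);
        $segments = explode('/', substr($parts[0], 1));

        // Allow the front controller to appear explicitly: /index.php/api/...
        if ($segments[0] === 'index.php') {
            array_shift($segments);
        }

        // Exact, case-sensitive match: /apiary, /API and //api stay protected.
        return isset($segments[0]) && $segments[0] === $prefix;
    }
}

// CLI runs have no REQUEST_URI; treat that as "not an API call".
$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

// CSRF stays enabled for everything except requests under the API prefix.
$config['csrf_protection'] = !csrf_exempt_route($uri);
```

The match is deliberately stricter than the router: a URI that the helper does not recognise keeps CSRF validation on, so a mismatch fails as a rejected API call rather than as an unprotected form post.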



