XML-RPC CSRF protection
#1

[eluser]N3XT0R[/eluser]
Hello guys,
I have a little problem ...
I activated the CSRF protection inside the config.php and currently I'm developing an API for my project.
Without the CSRF protection I can easily call the XML-RPC server; if I enable the protection I get an HTTP/1.0 500 error with the message "The action you have requested is not allowed.".

Is there maybe a good solution for this problem, or can I disable the CSRF protection only for my XML-RPC server?
#2

[eluser]TheFuzzy0ne[/eluser]
You can use a conditional in your config.php file, so CSRF protection is not enabled for certain URLs.

Code:
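// CSRF protection stays on by default.
$config['csrf_protection'] = TRUE;

// URIs for which the CSRF check is switched off.
$csrf_disabled_uris = array(
    '/controller/method',
);

// REQUEST_URI is not set when the application is run from the command line.
$request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

foreach ($csrf_disabled_uris as $uri)
{
    // Prefix match: the request URI must start with the listed URI.
    if (strpos($request_uri, $uri) === 0)
    {
        $config['csrf_protection'] = FALSE;
        break;
    }
}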

Untested, but might work.
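
A stricter variant of the URI check in the reply above, as an added example that is not part of the original posts: the `strpos()` prefix test also switches protection off for any longer URI that begins with the same string, so this version compares the exact request path and leaves protection on for everything else. The function name `csrf_exempt()` and the `/api/xmlrpc` path are hypothetical, and the sample requests are constructed.

```php
<?php
/**
 * Return TRUE only when the request path is exactly one of the exempt paths.
 * Anything that cannot be parsed keeps CSRF protection enabled.
 */
function csrf_exempt($request_uri, array $exempt_paths)
{
    // Compare the path only; the query string is not part of the decision.
    $path = parse_url($request_uri, PHP_URL_PATH);
    if (!is_string($path)) {
        return FALSE;
    }

    // Collapse duplicate slashes and drop a trailing slash.
    $path = '/' . trim(preg_replace('#/+#', '/', $path), '/');

    // Strict comparison against the allow-list of exempt paths.
    return in_array($path, $exempt_paths, TRUE);
}

$exempt = array('/api/xmlrpc'); // hypothetical XML-RPC endpoint

// Constructed sample requests.
$samples = array(
    '/api/xmlrpc',
    '/api/xmlrpc/',
    '/api/xmlrpc?debug=1',
    '/api/xmlrpc_admin/delete',
    '/api/xmlrpcfoo',
    '/other/api/xmlrpc',
);

foreach ($samples as $uri) {
    // Behaviour of the prefix test from the reply, for comparison.
    $prefix_off = (strpos($uri, '/api/xmlrpc') === 0);
    $exact_off  = csrf_exempt($uri, $exempt);
    printf("%-26s prefix check: CSRF %-3s  exact check: CSRF %s\n",
        $uri, $prefix_off ? 'off' : 'on', $exact_off ? 'off' : 'on');
}

// In config.php the result would drive the setting:
// $config['csrf_protection'] = !csrf_exempt($request_uri, $exempt);
```

If the application is reached through `index.php` or lives in a subdirectory, the exempt path has to be listed in the form in which it appears in `REQUEST_URI`.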
#3

[eluser]N3XT0R[/eluser]
Thanks for your reply,

I've been thinking about this solution too, but I thought there might be a better solution than a condition in the config file.


#4

[eluser]TheFuzzy0ne[/eluser]
The only other solution I can think of would be to use GET instead of POST. CSRF protection seems to assume that all POST requests are forms being submitted.



