CSRF Setting issues
[eluser]Unknown[/eluser]
I have a CodeIgniter app, which works fine. I created a Facebook canvas app and tried loading a page generated by CodeIgniter. It didn't work, and I got to see the dreaded "The action you have requested is not allowed". Just to ensure my Facebook app settings are right, I tried with a page from another site, and it worked.

So I started searching for possible problems, and I could figure out that it was because of CSRF protection=TRUE in the config settings. So I simply turned off CSRF protection to see if it would work. Then it worked, and I could actually load CodeIgniter-generated pages through the Facebook Canvas App (sandbox mode, though).

Some suggested that if we hard-code the hidden field for the CSRF token (instead of depending on the form_open() function), we could avoid this rule, and by that logic, a page which has no form at all should work fine. But I could not load even pages that don't have a form. And I'm not using AJAX anywhere. I'm using CI 2.1.3.

One related link: http://ellislab.com/forums/viewthread/228160/#1038448

Though there are many similar questions, I couldn't find a satisfactory answer. If I just look at the Apache logs, I really don't feel turning off CSRF protection would be a good idea.

So how do I make CodeIgniter-generated pages appear in a Facebook canvas app without turning off CSRF protection? Any pointers will be useful.

Thanks for your time.