• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Disable CSRF on page using router

#1
I have one page that receives post data from another website, so I need to be able to whitelist this particular page to disable CSRF.  While Codeigniter has an option `$config['csrf_exclude_uris']` for this, this doesn't seem to be working in my scenario because I am using a router to get to this page.  Is there a way to make `csrf_exclude_uris` look at the determined controller/method rather than at the original url?

Example:

Post URL:
Code:
mysite.com/1234/test1

Routing rule: 
PHP Code:
$route['(:num)/(:any)'] = 'portal/index/$1/$2'

Want to do: 
PHP Code:
$config['csrf_exclude_uris'] = ['portal/index']; 

Rather not do, but does work: 
PHP Code:
$config['csrf_exclude_uris'] = ['(\d+)(\/)((?:[a-z][a-z]+))']; 


The problem is the Security class seems to look at `1234/test1` rather than `portal/index`.  Is there a way around this?  Is there a disadvantage to not using the actual controller/method?  From my tests, it appears portal and index are known before the whitelist check is applied.

Running CI 3.1.3. From the release notes, it doesn't look like 3.1.4 changed anything here.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2017 MyBB Group.