CSRF problem issue
#1

I am having a problem with CSRF protection... I want to use it only in index page for login, but after making the csrf config true it gives me error "action not allowed". How to remove other pages from CSRF protection if I am using routing?

Please anyone help me out
#2

The easy way is to use the Form Helper and its function form_open('form_controller/action_method') to automatically put the hidden field with CSRF credentials in the form. Without that field you get the "not allowed" error.

Assuming the controller is Login and the action method is do_login, the view code would be:

PHP Code:
<?php
// form_open() writes the <form> tag plus the hidden CSRF field
echo form_open('login/do_login');
// other view code
echo form_close();

Understand that CSRF is only used for POST requests. You don't have to worry about normal browsing requests for a page because GET requests don't check the CSRF credentials.

It is strongly recommended that you use it for all forms that post data to your site.
#3

(02-17-2018, 03:49 AM)sidd89 Wrote: I am having a problem with CSRF protection... I want to use it only in index page for login, but after making the csrf config true it gives me error "action not allowed". How to remove other pages from CSRF protection if I am using routing?

Please anyone help me out

As you may well see in the documentation, you can whitelist pages where you don't want CSRF: $config['csrf_exclude_uris']

https://codeigniter.com/user_guide/libra...urity.html
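An added example, not code from any poster in this thread: the $config['csrf_exclude_uris'] setting mentioned in #3, together with a small audit helper that lists which routes end up without a CSRF check. The URI values and the helper csrf_is_excluded() are hypothetical, and the helper assumes CodeIgniter 3 matches each entry as a full, anchored, case-insensitive regular expression.

```php
<?php
// application/config/config.php (CodeIgniter 3 keys; URI values are constructed)
$config['csrf_protection']   = TRUE;
$config['csrf_exclude_uris'] = array(
    'api/webhook',        // exact URI
    'api/record/[0-9]+',  // regular expression
);

/**
 * Hypothetical audit helper (not a CodeIgniter function): returns TRUE when
 * a URI string would skip the CSRF check. Assumption: every entry is applied
 * as an anchored, case-insensitive regex against the whole URI string.
 */
function csrf_is_excluded($uri, array $exclude_uris)
{
    foreach ($exclude_uris as $pattern) {
        if (preg_match('#^' . $pattern . '$#i', $uri) === 1) {
            return TRUE;
        }
    }
    return FALSE;
}

// Constructed sample routes to audit against the exclude list
$routes = array(
    'login/do_login',
    'api/webhook',
    'api/record/42',
    'api/record/42/delete',
    'account/change_password',
);

foreach ($routes as $uri) {
    $state = csrf_is_excluded($uri, $config['csrf_exclude_uris'])
        ? 'EXEMPT (no CSRF check)'
        : 'protected';
    printf("%-26s %s\n", $uri, $state);
}
```

Only api/webhook and api/record/42 are reported as exempt. Every other POST target, including login/do_login, stays protected and still needs the hidden field that form_open() writes.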