Welcome Guest, Not a member yet? Register   Sign In
Exclude URI from CSRF


I'm trying to exclude URI's from CSRF check for AJAX posts, in my .env file i've found;
app.CSRFExcludeURIs = []

Have set the required URL in this array but it still gives me a 403 Forbidden request, only when I deactivate the CSRF protection the request works. Do i need to configure this in other files as well or kan this be done within config\Filters.php?

The easiest way is to probably handle that in the Filters config file. It's turned on globally for all POST requests at the moment, but you could modify that to exclude URI's

Hello Kilishan,

Seems to work from Config\Filters.php the .env file is ignored in it's request, from the documentation i've used the exclude part in the $globals if anyone else has this problem.

Thank you for the reply!

Theme © iAndrew 2016 - Forum software by © MyBB