Set config item (csrf) doesnt work in Codeigniter
I have a solution for you. Create a custom application/core/MY_Security.php and put this in it:
<?php if ( !defined( 'BASEPATH' ) ) exit( 'No direct script access allowed' );class MY_Security extends CI_Security{ public function csrf_verify( ) { foreach ( config_item('csrf_excludes') as $exclude ) { $uri = load_class('URI', 'core'); if ( preg_match( $exclude, $uri->uri_string() ) > 0 ) { // still do input filtering to prevent parameter piggybacking in the form if (isset($_COOKIE[$this->_csrf_cookie_name]) && preg_match( '#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name] ) == 0) { unset( $_COOKIE[$this->_csrf_cookie_name] ); } return; } } parent::csrf_verify( ); }}
This will check the following excludes which you need to put in your application/config.php in the CSRF section:
$config['csrf_excludes'] = array ( '@^/?excluded_url_1/?@i' , '@^/?excluded_url_2/?@i' );
Every matching URL pattern will be excluded from CSRF checks. You can build regex here at http://rubular.com
cheers