Set config item (csrf) doesnt work in Codeigniter Set config item (csrf) doesnt work in Codeigniter codeigniter codeigniter

Set config item (csrf) doesnt work in Codeigniter


php codeigniter config csrf

I have a solution for you. Create a custom application/core/MY_Security.php and put this in it:

<?php if ( !defined( 'BASEPATH' ) ) exit( 'No direct script access allowed' );class MY_Security extends CI_Security{    public function csrf_verify( )    {        foreach ( config_item('csrf_excludes') as $exclude )        {            $uri = load_class('URI', 'core');            if ( preg_match( $exclude, $uri->uri_string() ) > 0 )            {                // still do input filtering to prevent parameter piggybacking in the form                if (isset($_COOKIE[$this->_csrf_cookie_name]) && preg_match( '#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name] ) == 0)                {                    unset( $_COOKIE[$this->_csrf_cookie_name] );                }                return;            }        }        parent::csrf_verify( );    }}

This will check the following excludes which you need to put in your application/config.php in the CSRF section:

$config['csrf_excludes'] = array    ( '@^/?excluded_url_1/?@i'    , '@^/?excluded_url_2/?@i' );

Every matching URL pattern will be excluded from CSRF checks. You can build regex here at http://rubular.com

cheers

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last