CodeIgniter use CSRF protection only in some pages

codeigniter codeigniter-2 csrf
esrpim picture esrpim · Aug 22, 2013 · Viewed 14.1k times · Source

What I want to do is to protect some sensitive forms from CSRF attack in codeigniter but not all pages.

To protect from CSRF if I set it in config.php it applies for all pages. is there any way to do that only for some pages by setting in controller?

$config['csrf_protection'] = TRUE;

Answer

Bira picture Bira · Feb 13, 2015

Now the CI3 have this feature, we can exclude the URIs in the config http://www.codeigniter.com/userguide3/libraries/security.html?highlight=csrf#cross-site-request-forgery-csrf

$config['csrf_exclude_uris'] = array('api/person/add');


$config['csrf_exclude_uris'] = array(
    'api/record/[0-9]+',
    'api/title/[a-z]+'
);

Related questions

Only variable references should be returned by reference - Codeigniter

After the server PHP upgrade I am getting the following error with PHP Version 5.6.2 on Apache 2.0 A PHP Error was encountered Severity: Notice Message: Only variable references should be returned by reference Filename: core/Common.php Line Number: 257 How can …

Read More
Codeigniter: does $this->db->last_query(); execute a query?

Does query execution happen at the get_where() clause of the following codeigniter active record statement? $this->db->select('*'); $q = $this->db->get_where('Contacts', array('id' => $contact_id)); $sql = $this->db-&…

Read More
CodeIgniter: How to get Controller, Action, URL information

I have these URLs: http://backend.domain.com/system/setting/edit/12 http://backend.domain.com/product/edit/1 How to get controller name, action name from these URLs. I'm CodeIgniter newbie. Are there any helper function to get this info Ex: $…

Read More