Latest news
Home » CodeIgniter » csrf exception url codeigniter

csrf exception url codeigniter

Add the following line to application/config/config.php file.

$config['csrf_exclude_uris'] = array('controller 1','controller 2','controller3/method 1','controller3/method 2');

Modify the public function csrf_verify() function in Security.php

public function csrf_verify()
// If it's not a POST request we will set the CSRF cookie
if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')
return $this->csrf_set_cookie();
// this IF statement is the fix
// Check if URI has been whitelisted from CSRF checks
if ($exclude_uris = config_item('csrf_exclude_uris'))
$uri = load_class('URI', 'core');
$uri_string = $uri->uri_string();
foreach($exclude_uris as $val){ // i.e. exempt = array('one', 'abc/def')
if(is_int(strpos($uri_string,$val))) { // uri == 'one' returns true
return $this; // uri == 'one/two' returns true
} // uri == 'abc' returns false
} // uri == 'abc/def' returns true

// Do the tokens exist in both the _POST and _COOKIE arrays?
if ( ! isset($_POST[$this->_csrf_token_name]) OR ! isset($_COOKIE[$this->_csrf_cookie_name])
OR $_POST[$this->_csrf_token_name] != $_COOKIE[$this->_csrf_cookie_name]) // Do the tokens match?
// We kill this since we're done and we don't want to polute the _POST array
// Regenerate on every submission?
if (config_item('csrf_regenerate'))
// Nothing should last forever
$this->_csrf_hash = '';
log_message('debug', 'CSRF token verified');
return $this;

Leave a Reply


Check Also

How to print Codeigniter upload error

if you want to display errors on upload functionality in codeigniter. Use the following function ...