Enabling CSRF in TRUE in CodeIgniter

Just read that CodeIgniter 2.x has built-in CSRF protection. Now, after reading the documentation, I did not find anything related to CSRF, just set the parameter to TRUE in config.php and that's it. However, on my system I do not use the form_helper, which automatically includes the CodeIgniter CSRF protection; instead I have my own <form> HTML.

My concern is whether I need to do something else to implement CSRF for CodeIgniter, or is it enough to set the parameter to TRUE?

+4
1 answer

To enable CSRF in CodeIgniter, you just need to:

  • Set the parameter "TRUE" in the configuration file

  • All your forms MUST use the form_open() helper function. This will automatically generate and add a "hidden" CSRF token to your forms. CodeIgniter then automatically checks this token on each form submission as part of the security function. If it detects a CSRF error, it will automatically generate error 401.

You do not have to do anything.

edit: I just re-read that you are not using form_open(). Perhaps you can manually insert the CSRF token into the forms yourself, but it will be more work than required. Just convert all your forms to use form_open() - and it will work without visible results.

(And yes - this is one of the few poorly documented functions in CI - so I understand why you could not find the answer - it took me some time too)

+2
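For readers who keep hand-written <form> markup, here is what the answer's "manually insert the token" option looks like in CodeIgniter 2.x. This is an added example, not code from the question, the answer or the CodeIgniter project; the config keys and the get_csrf_token_name() / get_csrf_hash() methods of the Security class are the ones CodeIgniter 2.x ships, and the view file name is assumed.

```php
<?php
// application/config/config.php (CodeIgniter 2.x)
// Step 1 of the answer: turn the protection on. The token name, cookie name
// and lifetime below are the framework's defaults; change them per app.
$config['csrf_protection']  = TRUE;
$config['csrf_token_name']  = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire']      = 7200; // seconds the token stays valid

// application/views/my_form.php (assumed view name)
// Step 2 of the answer, done by hand instead of via form_open(): emit a hidden
// field whose name and value match what the Security class set in the cookie.
// On POST, CodeIgniter compares this field to the cookie and returns an error
// (the answer's "error 401") when they differ or the field is missing.
?>
<form method="post" action="<?php echo site_url('account/update'); ?>">
  <input type="hidden"
         name="<?php echo $this->security->get_csrf_token_name(); ?>"
         value="<?php echo $this->security->get_csrf_hash(); ?>" />
  <input type="text" name="email" />
  <input type="submit" value="Save" />
</form>

<?php
// Equivalent using the helper the answer recommends: form_open() renders the
// <form> tag and the same hidden token field for you.
$this->load->helper('form');
echo form_open('account/update');
?>
```

Every POST form (and any AJAX POST) must carry the field, since a submission without the matching token is rejected once csrf_protection is TRUE.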

Source: https://habr.com/ru/post/1438175/