Creating APIs for Web Applications Using CodeIgniter CSRF Protection

Question

Creating APIs for Web Applications Using CodeIgniter CSRF Protection

I have a web application built using CodeIgniter 2, I have included CSRF protection in it. $config['csrf_protection'] = TRUE; My friend is creating a mobile application for him, so he needs an API to communicate with the web application. I created a RESTful API in CI using this tutorial . The entire request made by the mobile application is a POST request. The problem that I encountered is that CSRF protection is enabled, and the POST request made from the mobile does not carry any “CSRF token”, so it throws a 500 internal server error . However, if I disable CSRF protection, everything works fine . What is the correct way to implement it? Should I generate a token on the mobile device itself? Or should I add an exception to protect CSRF? If so, how can I do this? because I do not want to disable CSRF protection.

+4

api php restful-authentication codeigniter

Shivam Jul 6 '13 at 8:02

source share

1 answer

Mehdi jalal · Accepted Answer · 2013-07-06T08:10:16+0000

check out the CSRF implementation in codeigniter from net.tutsplus.com.

I hope this solves your problem. if you implemented correctly, than write this inside, you will be config.php

 if (isset($_SERVER["REQUEST_URI"])) { if(stripos($_SERVER["REQUEST_URI"],'/mypage') === FALSE) { $config['csrf_protection'] = TRUE; } else { $config['csrf_protection'] = FALSE; } } else { $config['csrf_protection'] = TRUE; }

Creating APIs for Web Applications Using CodeIgniter CSRF Protection

More articles: