
CodeIgniter CSRF and localhost

I am currently working locally (myhostname.local) to begin a development project in CodeIgniter and am trying to do a simple login form submission and the CSRF protection is not working. I get the error:

An Error Was Encountered

The action you have requested is not allowed.

A couple of things to note:

  1. I am using CI Reactor 2.0.2
  2. I am running everything from a local host (myhostname.local)

My form:

<?=form_open('home/login');?>
<!-- ... username/password fields in here ... -->
<?=form_close();?>

My controller:

public function login()
{

    $this->form_validation->set_rules('email','Email','trim|required');
    $this->form_validation->set_rules('password','Password','required');

    if($this->form_validation->run() === FALSE)
    {
        // ... form did not pass validation ...
    }
    else
    {
        // ... form passed ...
    }

}

When I submit the form to http://myhostname.local/home/login I get the above error.

Any help on why this is happening is much appreciated.

Thanks! Sean


It appears that setting values in the config.php file for cookies has a big impact. Once I set these back to defaults everything started working correctly again:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']    = "/";
$config['cookie_secure']    = FALSE;


I have encountered a similar issue; I keep getting the "The action you have requested is not allowed." error message when I am trying to submit my login form. I am working locally with a virtual Linux box. It turned out that my problem had something to do with the date and time setup on the virtual machine. Once I updated the date to match my host machine's date and time, the problem disappeared.

I am using CodeIgniter v. 2.1.0.

Here are parts of my config.php file:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']      = "/";
$config['cookie_secure']    = FALSE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'my_csrf_token';
$config['csrf_cookie_name'] = 'mycsrf';
$config['csrf_expire'] = 7200;

I hope this info helps someone experiencing a similar issue.


Running CI 2.1.0 on a localhost setup with MAMP.

The installation of CI is brand new, with no extras. I was simply following along with the 'Tutorial' in the User Guide and came across the same error after creating my first form and enabling CSRF in the configs.

The 'form_open()' is used to open the form. The hidden field is being created. The error appears every time: "the action you have requested is not allowed".

After playing around with the cookie config options in config.php, as suggested here, I found that in my case the culprit seems to be the 'cookie_prefix' config. It must be left BLANK, otherwise it causes this error. Once it is left blank, everything works.

I hope this may prove useful to others.
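
As an added example (not part of the posts above and not CodeIgniter's own code), the PHP function below lists the reasons a browser would fail to return the CSRF cookie with the form POST, covering the cookie settings and the clock skew reported in the answers. The function name `csrf_cookie_problems`, its parameters and the `.example.com` value are hypothetical, and it assumes the cookie lifetime is sent as an absolute expiry date computed from the server clock.

```php
<?php
// Added diagnostic example; not CodeIgniter code. Names are hypothetical.
// Assumption: the cookie expiry is an absolute date computed from the server
// clock, which the browser then compares against its own clock.
function csrf_cookie_problems(array $config, $host, $is_https, $path, $server_now, $client_now)
{
    $problems = array();

    // A cookie flagged Secure is only returned over https.
    if ($config['cookie_secure'] && ! $is_https) {
        $problems[] = 'cookie_secure is TRUE but the form is served over plain http';
    }

    // A Domain attribute must equal the request host or be a parent of it.
    $domain = ltrim(strtolower($config['cookie_domain']), '.');
    $host   = strtolower($host);
    if ($domain !== '' && $host !== $domain
        && substr($host, -strlen('.' . $domain)) !== '.' . $domain) {
        $problems[] = "cookie_domain '$domain' does not cover host '$host'";
    }

    // The Path attribute must match the request path on a '/' boundary.
    $cp = $config['cookie_path'] === '' ? '/' : $config['cookie_path'];
    $path_ok = $path === $cp || (strpos($path, $cp) === 0
        && (substr($cp, -1) === '/' || $path[strlen($cp)] === '/'));
    if (! $path_ok) {
        $problems[] = "cookie_path '$cp' does not cover request path '$path'";
    }

    // Clock skew: an expiry already in the client's past is discarded at once.
    if ($server_now + $config['csrf_expire'] <= $client_now) {
        $problems[] = 'cookie is already expired by the browser clock (server clock is behind)';
    }

    return $problems;
}

// Constructed sample: the question's host over http, non-default cookie
// settings, and a guest VM clock three hours behind the browser.
$config = array('cookie_domain' => '.example.com', 'cookie_path' => '/',
                'cookie_secure' => TRUE, 'csrf_expire' => 7200);
$now = time();
foreach (csrf_cookie_problems($config, 'myhostname.local', FALSE, '/home/login', $now - 10800, $now) as $p) {
    echo "- $p\n";
}
```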
