开发者

CodeIgniter CSRF and localhost

问答 作者:

I am currently working locally (myhostname.local) to begin a development proj开发者_如何学Pythonect in CodeIgniter and am trying to do a simple login form submission and the CSRF protection is not working. I get the error:

An Error Was Encountered

The action you have requested is not allowed.

A couple of things to note:

  1. I am using CI Reactor 2.0.2
  2. I am running everything from a local host (myhostname.local)

My form:

<?=form_open('home/login');?>
... username/password fields in here ...
<?=form_close();>

My controller:

public function login()
{

    $this->form_validation->set_rules('email','Email','trim|required');
    $this->form_validation->set_rules('password','Password','required');

    if($this->form_validation->run() === FALSE)
    {
        ... form did not pass validation ...
    }
    else
    {
        ... form passed ...
    }

}

When I submit the form to http://myhostname.local/home/login I get the above error.

Any help on why this is happening is much appreciated.

Thanks! Sean

It appears that setting values in the config.php file for cookies has a big impact. Once I set these back to defaults everything started working correctly again:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']    = "/";
$config['cookie_secure']    = FALSE;

I have encountered a similar issue; I keep getting "The action you have requested is not allowed." error message when I am trying to submit my login form. I am working locally with a virtual linux box. It turned out that my problem had something to do with date time setup on the virtual machine. Once I update date to match my host machines date time, the problem disappears.

I am using CondeIgniter v. 2.1.0.

Here are parts of my config.php file:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']      = "/";
$config['cookie_secure']    = FALSE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'my_csrf_token';
$config['csrf_cookie_name'] = 'mycsrf';
$config['csrf_expire'] = 7200;

I hope this info helps someone experiencing a similar issue.

Running CI 2.1.0 on a localhost setup with MAMP.

Installation of CI is brand new, with no extras. Simply following along the 'Tutorial' in the User Guide, and came across the same error after creating my first form, and enabling CSRF in the configs.

The 'form_open()' is used to open the form. The hidden field is being created. The error appears every time: "the action you have requested is not allowed".

After playing around with the cookie config options in config.php, as suggested here, I found that in my case the culprit seems to be the 'cookie_prefix' config. It must be left BLANK, otherwise it causes this error. Once it is left blank, everything works.

I hope this may prove useful to others.

继续阅读:codeignitercsrfphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9