CSRF令牌Codeigniter
[英]CSRF token Codeigniter
问题描述
I am developing a website with CI and i have enabled CSRF for my forms which i am using with my website. 
我正在使用CI开发一个网站,并且已经为我的网站使用的表单启用了CSRF。 The problem is that i want a form not to use the CSRF token. 问题是我希望表单不使用CSRF令牌。 The reason is that the user is going to watch a video and the video is a little bit longer then the expiration and due to security reasons i cannot increase the expiry of the token. 原因是用户将要观看视频,并且视频要比到期时间长一点,并且由于安全原因,我无法增加令牌的到期时间。 Moreover the form does not need to be secure as i making other hard coded filtering and sanitizing of the data and it doesn't make sense for the user to copy the form link and use it from another place. 而且,表单不需要是安全的,因为我进行了其他硬编码的数据过滤和清理,因此用户复制表单链接并从其他地方使用它是没有意义的。
Is it possible for this form to bypass the CSRF token? 此表格是否可以绕过CSRF令牌?
Regards 问候
1 个解决方案
解决方案1
1 已采纳 2015-10-31 10:42:15
I have found the solution. 我找到了解决方案。 For those who are wondering about regarding the same problem here is the answer: 对于那些想知道有关同一问题的人,这里的答案是:
in the config.php file where you enable csrf token there is an array element $config['csrf_exclude_uris'] which accepts uri to whitelist for the csrf mechanism to ignore. 在启用csrf令牌的config.php文件中,有一个数组元素$config['csrf_exclude_uris']接受uri将csrf机制忽略的白名单。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.