In my web application csrf token work fine. But I want to disable that for API call which API call from my android app. I am using another authentication for my API. Please tell me how I can disable csrf token for my all function of the API controller. I tried to add access in my controller as the header but it is not working. Please help me.
public function __construct() {
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow- Methods: POST, GET, PUT, DELETE, OPTIONS');
}
As you want to disable CSRF feature just in the controller, you can change the config value of "csrf_protection" via $this->config->set_item('csrf_protection', false);
in constructor method.
Another and best way will be by adding paths in the config file to exclude from CSRF checks
$config['csrf_exclude_uris'] = array('api/person/add');
For more information look at CI3 CSRF
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.