How to Enable CSRF in CodeIgniter?

In CodeIgniter, you can enable CSRF (Cross-Site Request Forgery) protection by setting the option below to TRUE in the application/config/config.php file. This defends your CodeIgniter application against forged cross-site requests.

$config['csrf_protection'] = TRUE;  

If you use the helper function form_open(), it automatically adds a hidden CSRF token field to your forms. CodeIgniter then checks this token as part of its security function on every form submission. When it detects a CSRF error, it immediately throws a 401 error.

If you do not use form_open(), the hidden input field is not created automatically, so you must attach it manually. Paste the following inside your form:

<input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>" />
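As an added example (not code from the original article), here is a config.php fragment with the related CSRF options that ship with CodeIgniter 3, followed by a view that protects one form with form_open() and another with the manually inserted hidden field. The view name contact_form.php, the controller route contact/send and the webhook URI are assumptions; the controller is assumed to have loaded the form and url helpers.

```php
<?php
// --- application/config/config.php (CodeIgniter 3) ---
// Turn the CSRF filter on; the Security class then checks every POST request.
$config['csrf_protection'] = TRUE;
// Names of the hidden form field and of the cookie that stores the token.
$config['csrf_token_name']  = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
// Lifetime of the token in seconds (7200 = two hours).
$config['csrf_expire']      = 7200;
// Issue a fresh token on every request; set FALSE to keep one token per session.
$config['csrf_regenerate']  = TRUE;
// URIs that receive POSTs from third parties (e.g. a webhook) and cannot carry
// the token; 'api/webhook' is an assumed route, not one the article mentions.
$config['csrf_exclude_uris'] = array('api/webhook');
?>

<!-- --- application/views/contact_form.php (assumed view name) --- -->
<!-- The controller is assumed to call $this->load->helper(array('form', 'url')). -->

<!-- Form 1: form_open() emits the <form> tag AND the hidden token field for you. -->
<?php echo form_open('contact/send'); ?>
    <input type="text" name="message" />
    <button type="submit">Send</button>
</form>

<!-- Form 2: a hand-written <form> gets no token, so it is inserted manually. -->
<form method="post" action="<?php echo site_url('contact/send'); ?>">
    <input type="hidden"
           name="<?php echo $this->security->get_csrf_token_name(); ?>"
           value="<?php echo $this->security->get_csrf_hash(); ?>" />
    <input type="text" name="message" />
    <button type="submit">Send</button>
</form>
```

Both forms post to the same controller; a submission missing or mismatching the token is rejected by the security check before the controller method runs.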
