CodeIgniter仅在某些页面中使用CSRF保护 [英] CodeIgniter use CSRF protection only in some pages
问题描述
我想做的是保护某些敏感表单免受 codeigniter
中的 CSRF
攻击,但不是所有页面。
What I want to do is to protect some sensitive forms from CSRF
attack in codeigniter
but not all pages.
如果我在config.php中进行设置,则要保护它免受 CSRF
的影响,它适用于所有页面。是否可以通过在控制器中设置仅对某些页面执行此操作?
To protect from CSRF
if I set it in config.php it applies for all pages. is there any way to do that only for some pages by setting in controller?
$config['csrf_protection'] = TRUE;
推荐答案
现在CI3具有此功能,我们可以排除配置
中的URI http://www.codeigniter.com/userguide3/libraries/security.html?highlight=csrf#cross-site-request-forgery-csrf
Now the CI3 have this feature, we can exclude the URIs in the config http://www.codeigniter.com/userguide3/libraries/security.html?highlight=csrf#cross-site-request-forgery-csrf
$config['csrf_exclude_uris'] = array('api/person/add');
$config['csrf_exclude_uris'] = array(
'api/record/[0-9]+',
'api/title/[a-z]+'
);
这篇关于CodeIgniter仅在某些页面中使用CSRF保护的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!