core Need functionality to disable automatic CSRF checking

Need functionality to disable automatic CSRF checking

Open kenjis opened this issue 9 years ago • 1 comments

If we enable automatic CSRF checking, all REST calls will fail, unless they contain a token, which is not likely.

See https://github.com/fuel/core/pull/1974#issuecomment-183992069

How to implement it?

Feb 21 '16 21:02 kenjis

CodeIgniter's implementation:

$config['csrf_exclude_uris'] = array('api/person/add');

$config['csrf_exclude_uris'] = array(
        'api/record/[0-9]+',
        'api/title/[a-z]+'
);

https://www.codeigniter.com/user_guide/libraries/security.html#cross-site-request-forgery-csrf

Feb 22 '16 05:02 kenjis

core core copied to clipboard

Need functionality to disable automatic CSRF checking

core
core copied to clipboard