Codeigniter CSRF token problem
I've made a simple signup/newsletter site, but I've got a weird problem. Some people get an error that says
An Error Was Encountered
The action you have requested is not allowed.
I've already tried Google and found that people had the same problem when CSRF was set to true. However, it doesn't happen to everyone, just a small group of people. I'm using form_open and form_close and I can see the hidden field (token).
I'm using the latest version of Codeigniter, 2.0.2.
Here is my controller:

```php
function __construct() {
    parent::__construct();
    session_start();
}

function index() {
    $this->load->model('beta_signup_model');
    $this->form_validation->set_rules('mail', 'e-mail', 'required|valid_email|xss_clean|callback__mail_check');

    // Check for errors
    if ($this->form_validation->run() == FALSE) {
        // The system found a form validation error
    } else {
        // No errors found
        $_SESSION['mail_success'] = 1;
        $_SESSION['mail'] = $this->input->post('mail');
        redirect(base_url() . 'confirm');
    }

    ///// FILLS OUT INPUT FIELDS /////
    // Loads field_populator_helper
    $this->load->helper('field_populator_helper');

    // Defines input field names
    $input_names = array(
        'mail',
    );

    // Defines default values
    $default_values = array(
        'Skriv inn e-posten din..',
    );

    // Auto-populates fields with blur and focus
    $data['field_populator'] = populateFields($input_names, $default_values);

    $this->load->view('frontpage_view', $data);
}
```
Accepted answer
I had the same problem: totally clean install of CI 2.1.0, on MAMP, and just following along the tutorial in the User Guide.
After a lot of searching and googling, I found that in 'application/config.php', the variable $config['cookie_prefix'] must always be set to empty, otherwise, if CSRF protection is turned on, this error will occur.
It could be that there are other issues involved - i.e., session library, encryption or XSS protection, etc. - but just leaving the 'cookie_prefix' empty seems to have sorted it for me.
I hope this helps others.
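The answer above reports that a non-empty cookie_prefix makes CodeIgniter's CSRF check reject every POST. The example below is added here to show the mechanism behind that class of failure; it is not CodeIgniter's code and makes no claim about how any particular CI version is implemented. It models a double-submit-cookie check of the kind CI 2.x uses (a token stored in a cookie and echoed back in a hidden form field, with the default names csrf_cookie_name and csrf_test_name) and shows what happens when the cookie is written under a prefixed name but looked up under a different one: the token never matches, so the request is refused exactly as if it were a forged one. The function names, the simulated cookie jar and the sample POST data are constructed for this illustration.

```php
<?php
// Added example (not CodeIgniter's own code). Requires PHP 7+ for random_bytes().
// Models a double-submit-cookie CSRF check and the failure mode where the
// cookie name used on WRITE and on READ disagree because of a cookie prefix.

const CSRF_COOKIE_BASE = 'csrf_cookie_name'; // CI 2.x default for $config['csrf_cookie_name']
const CSRF_FIELD       = 'csrf_test_name';   // CI 2.x default for $config['csrf_token_name']

// Generate a fresh, unpredictable token (32 hex chars).
function csrf_generate_token(): string
{
    return bin2hex(random_bytes(16));
}

// Simulated "Set-Cookie": store the token under the prefixed cookie name.
// $cookies stands in for the browser's cookie jar for this site.
function csrf_set_cookie(array &$cookies, string $writePrefix, string $token): void
{
    $cookies[$writePrefix . CSRF_COOKIE_BASE] = $token;
}

// Verify a submitted form: the hidden field must equal the cookie value.
// $readPrefix is the prefix the verifier prepends when looking the cookie up.
// Returns true when the request is accepted, false for the "action not allowed" path.
function csrf_verify(array $cookies, array $post, string $readPrefix): bool
{
    $cookieName = $readPrefix . CSRF_COOKIE_BASE;
    if (!isset($post[CSRF_FIELD]) || !isset($cookies[$cookieName])) {
        // Missing cookie or missing field: reject. With a prefix mismatch this
        // branch is hit on every POST, which is the symptom described above.
        return false;
    }
    // Constant-time comparison so token checking does not leak timing information.
    return hash_equals($cookies[$cookieName], $post[CSRF_FIELD]);
}

// Run one signup request end to end with the given write/read prefixes.
function simulate_signup(string $writePrefix, string $readPrefix): bool
{
    $cookies = [];                       // constructed: empty cookie jar
    $token   = csrf_generate_token();
    csrf_set_cookie($cookies, $writePrefix, $token);   // server renders the form
    $post = [                            // constructed: what the browser sends back
        'mail'     => 'user@example.com',
        CSRF_FIELD => $token,            // value from form_open()'s hidden field
    ];
    return csrf_verify($cookies, $post, $readPrefix);
}

// Consistent naming, no prefix: accepted.
var_dump(simulate_signup('', ''));        // bool(true)
// Consistent naming, both sides use the same prefix: still accepted.
var_dump(simulate_signup('ci_', 'ci_'));  // bool(true)
// Prefix applied on write but not on read: every POST is refused.
var_dump(simulate_signup('ci_', ''));     // bool(false)
```

The practical check this suggests when debugging the error on a CI site: open the browser's cookie list for the domain and compare the exact cookie name you see there (prefix included) with the name the CSRF verifier is reading; any difference between the two, whether from cookie_prefix, a changed csrf_cookie_name, or a cookie that was set under a different path or domain, produces the same "not allowed" response for every submission. That also explains why only some users might be affected: anyone who still carries an older cookie under the expected name passes, while new visitors do not.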