codeigniter CSRF error: “The action you have requested is not allowed.”

Anonymous (unverified) submitted on 2019-12-03 02:45:02

Question:

I enabled the csrf_protection option in CodeIgniter's config file, and used the form_open() function to create my forms. But when I submit the form, this error occurs:

The action you have requested is not allowed. 

I have tried the answers from this topic (that is most related to my question): question

But they didn't work and the problem still remains.

config.php:

controller (main.php):

load->controller('access_controll');
    //}
    public function index()
    {
        redirect('auth/login');
    }
    public function login()
    {

    }
    public function registration()
    {
        $this->load->view('register');
    }
    public function forgot()
    {

    }
}

/* End of file main.php */
/* Location: ./application/controllers/main.php */

view (login.php):

Answer 1:

The problem was solved by this solution:

set $config['cookie_secure'] in config file to FALSE if you're using HTTP.



Answer 2:

The easiest one for me was to whitelist the URI as explained in CodeIgniter User Guide (here)

Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the ‘csrf_exclude_uris’ config parameter:

$config['csrf_exclude_uris'] = array('api/person/add'); 


Answer 3:

In config/config.php I have

$config['csrf_token_name'] = 'my.token.name'; 

But when I use var_dump for $_POST I see:

 ["my_token_name"]=> string(32) "f5d78f8c8bb1800d10af59df8c302515" 

CI changes my csrf_token_name (sic!)

Solution: I changed

$config['csrf_token_name'] = 'my.token.name'; 

to

$config['csrf_token_name'] = 'my_token_name'; 

Now it works.



Answer 4:

When all else failed, I noticed that I had my cookie variables set; removing the cookie name, etc. resolved my issue.



Answer 5:

To everyone who tried everything that was suggested here, and still has this problem.

My issue was the expiration time of the cookie.

$config['csrf_expire'] = 7200; 

After the cookie expires and the user tries to submit a form, they will get the error

The action you have requested is not allowed. 

I added a simple javascript to every page, which fixes the issue for 99% of your users. (the 1% being users who have JS disabled in their browser)

setInterval(function () {
  if (alert('Your session has expired!')) {}
  else window.location.reload();
}, 7200000);


Answer 6:

Just include this in your form and everything will be fine then.



Answer 7:

In the config if you have set the cookie domain name

$config['cookie_domain']    = 'xyz.com'; 

and you browse using localhost, you will get the error

The action you have requested is not allowed

Check if that helps.



Answer 8:

Make sure that your BASE_URL matches the URL that you are viewing. I have two aliases (one was created for oauth) and the project works on both aliases, but CSRF will fail if the BASE_URL doesn't match the URL in the browser.



Answer 9:

Change line no. 451

$config['csrf_protection'] = true; 

to

$config['csrf_protection'] = false; 

Because this csrf_protection is deprecated in CodeIgniter.



Answer 10:

I've found a solution to this problem which is quite simple. I removed the div with the display:none style surrounding the csrf_protection input. The div is not relevant since the input type is set to hidden. In CodeIgniterFolder/system/helpers/form_helper.php, I changed the following content (around line 75):

if (is_array($hidden) AND count($hidden) > 0)
{
    $form .= sprintf("<div style=\"display:none\">%s</div>", form_hidden($hidden));
}

to the following:

if (is_array($hidden) AND count($hidden) > 0)
{
    $form .= form_hidden($hidden);
}
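
Added example (not part of any answer above, and not CodeIgniter's own code): a check that takes the config keys named in answers 1, 3, 7 and 8 and reports which of them would keep the CSRF cookie or token field from matching on the URL being browsed. The helper name csrf_config_findings() and the sample values are assumptions made for illustration.

```php
<?php
// csrf_config_findings() is a hypothetical helper, not part of CodeIgniter.
function csrf_config_findings(array $config, string $browsedUrl): array
{
    $findings = [];
    $url    = parse_url($browsedUrl);
    $scheme = strtolower($url['scheme'] ?? 'http');
    $host   = strtolower($url['host'] ?? '');

    // Answer 1: a Secure cookie is never sent back over plain HTTP.
    if (!empty($config['cookie_secure']) && $scheme !== 'https') {
        $findings[] = 'cookie_secure is TRUE but the page is served over HTTP';
    }

    // Answer 3: PHP rewrites "." and " " in POST field names to "_",
    // so the posted field no longer matches csrf_token_name.
    $name = $config['csrf_token_name'] ?? '';
    if (preg_match('/[. ]/', $name)) {
        $findings[] = "csrf_token_name '$name' arrives in \$_POST as '"
            . str_replace(['.', ' '], '_', $name) . "'";
    }

    // Answer 7: the browser rejects a cookie whose Domain does not cover the host.
    $domain = strtolower(ltrim($config['cookie_domain'] ?? '', '.'));
    if ($domain !== '' && $host !== $domain
        && substr($host, -strlen('.' . $domain)) !== '.' . $domain) {
        $findings[] = "cookie_domain '$domain' does not cover host '$host'";
    }

    // Answer 8: form_open() builds the action from base_url; on a different
    // host the cookie set for the browsed host may not be sent with the POST.
    $baseHost = strtolower(parse_url($config['base_url'] ?? '', PHP_URL_HOST) ?? '');
    if ($baseHost !== '' && $baseHost !== $host) {
        $findings[] = "base_url host '$baseHost' differs from browsed host '$host'";
    }
    return $findings;
}

// Constructed sample values, not taken from the question's config.php.
$config = [
    'base_url'        => 'http://xyz.com/',
    'cookie_secure'   => TRUE,
    'cookie_domain'   => 'xyz.com',
    'csrf_token_name' => 'my.token.name',
];
foreach (csrf_config_findings($config, 'http://localhost/index.php/auth/login') as $f) {
    echo "- $f\n";
}
```

With the sample values all four findings are reported; an empty result means none of these four settings explains the error.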

