codeigniter CSRF error: “The action you have requested is not allowed.”

Question

I enabled the csrf_protection option in codeigniter\'s config file, and used form_open() function to create my forms. But when I submit the form, this error occurs:

Answer 1

if you allow true in $config['csrf_protection'] = true; within config file and you are also add autoload form than we can use.

Step 1. within config folder autoload file upload form helper

$autoload['helper'] = array('url', 'file','form');

Step 2.

$config['csrf_protection'] = true; 

Step 3. while uploading in view folder

<?php echo form_open_multipart('admin/file_upload'); ?>

Otherwise, you can use only

$config['csrf_protection'] = false;

Answer 2

In the config if you have set the cookie domain name

$config['cookie_domain']    = 'xyz.com';

and you browse using localhost. you will get the error

The action you have requested is not allowed

check that if helps

Answer 3

I got this error white creating a csv_upload form . just put this code in your form.

<input type="hidden" 
               name="<?php echo $this->security->get_csrf_token_name();?>" 
               value="<?php echo $this->security->get_csrf_hash();?>">

Answer 4

Just Include this in your form and everything will be fine then.

<input type="hidden" name="<?php echo $this->security->get_csrf_token_name();?>" value="<?php echo $this->security->get_csrf_hash();?>">

Answer 5

The easiest one for me was to whitelist the URI as explained in CodeIgniter User Guide (here)

Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the ‘csrf_exclude_uris’ config parameter:

$config['csrf_exclude_uris'] = array('api/person/add');

Answer 6

When all else failed, I noticed that I had my cookie variables set, removing cookie name, etc. resolved my issue.