codeigniter CSRF error: “The action you have requested is not allowed.”

Question

I enabled the csrf_protection option in codeigniter\'s config file, and used form_open() function to create my forms. But when I submit the form, this error occurs:

Answer 1

Make sure that your BASE_URL matches the URL that you are viewing. I have two aliases (one was created for oauth) and the project works on both aliases, but CSRF will fail if the BASE_URL doesn't match the URL in the browser.

Answer 2

My config:

$config['csrf_protection'] = true;
$config['csrf_token_name'] = 'csrf_token_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = false;
$config['csrf_exclude_uris'] = array();

Form:

<?php echo form_open_multipart('form/create'); ?>

I did had the same problem. There wasn't any issue with the configuration or any code related bug.

(In my case) The problem was the form's URL was like http://localhost/project/form but the form was submitted to http://[::1]/project/form/create

Problem root was the domain name where the CSRF token was generated and the domain where they were checked. Simply changing the form's URL to http://[::1]/project/form resolved the problem with my project.

It was just a minor workaround, this issue never occurred in the actual production domain