How I can disable csrf token for some controller in Codeigniter

Question

In my web application csrf token work fine. But I want to disable that for API call which API call from my android app. I am using another authentication for my API. Please tell me how I can disable csrf token for my all function of the API controller. I tried to add access in my controller as the header but it is not working. Please help me.

public function __construct() {
    
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow- Methods: POST, GET, PUT, DELETE, OPTIONS');
}

score 5 · Accepted Answer · answered Jun 25 '20 at 13:36

5

As you want to disable CSRF feature just in the controller, you can change the config value of "csrf_protection" via $this->config->set_item('csrf_protection', false); in constructor method.

Another and best way will be by adding paths in the config file to exclude from CSRF checks

$config['csrf_exclude_uris'] = array('api/person/add');

For more information look at CI3 CSRF

answered Jun 25 '20 at 13:36

mail2bapi

1,547
1
12
18

Thanks for your response...it works fine. But If I want to disable csrf for all controller in one folder. Then this process is correct or not? – Arpan Sarkar Jun 25 '20 at 13:59
You can use either one on them – mail2bapi Jun 25 '20 at 14:00

score 0 · Answer 2 · answered Jul 06 '23 at 05:53

0

In codeigniter4 , goto Config/Filters.php and add

'csrf' => ['except' => ['Admin/index','Dashboard/index']],

in the public $globals array

This will exclude csrf checking for the pages Admin/index and Dashboard/index

answered Jul 06 '23 at 05:53

Tanzeem

29
8

How I can disable csrf token for some controller in Codeigniter

2 Answers2