Codeigniter and Ckfinder csrf_exclude_uris

codeigniter csrf
disable csrf codeigniter
how to enable csrf in codeigniter
codeigniter csrf header
codeigniter security
set csrf token codeigniter
codeigniter csrf ajax problem
sxsi attack in codeigniter

I'm having an issue with Codeigniter 3 and CKfinder regards the CSRF Protection

If I use the below in my Codeigniter Config file CKFinder image upload works fine

$config['csrf_protection'] = FALSE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();

if I change the $config['csrf_protection'] = TRUE; CKFinder image uploads fail

What I need is to be able to exclude CKFinder from falling under the CSFR Protection - I've tried the below but nothing seems to work:

$config['csrf_exclude_uris'] = array('assets/plugins/ckfinder/.*+', 'assets/plugins/ckfinder/ckfinder.js', 'assets/plugins/ckfinder', 'admin/news/.*+');

Any pointers would be appreciated

# Its work fine #
$config['csrf_protection'] = TRUE;
  $parts = explode("/",$_SERVER["PHP_SELF"]);
  $exclude_url_arr = array('login');
  if (!empty($exclude_url_arr[0])) {
    foreach($parts as $part) {
      if (in_array($part,$exclude_url_arr)) {
          $config['csrf_protection'] = FALSE;

Codeigniter и Ckfinder csrf_exclude_uris, Надеюсь, это может сработать. он работал в моем случае. $config['​csrf_exclude_uris'] = array('assets/plugins/ckfinder/[\s\S]*');. но, насколько мне известно,  I'm trying to exclude a certain controller/method from CSRF checks, but the $config['csrf_exclude_uris'] setting seems to be ignored. I'm posting information from a

Hope this may work. it worked in my case.

$config['csrf_exclude_uris'] = array('assets/plugins/ckfinder/[\s\S]*');

but as far my knowledge "assets" resources don't need any csrf protection.

Security Class, Loading the Library¶. If your only interest in loading the library is to handle CSRF protection, then you will never need to load it, as it runs as a filter and has no  $ config ['csrf_exclude_uris'] = array (); If you create a form ( form_open() ) using CodeIgniter form helper, you will find a hidden CSRF filed in your form. If you are not using CI’s form helper, hidden input field will not generate automatically you have to set it manually as shown below, past this inside your form.

URL which submit the form data.

Add lines below in config.php file. This will work.

$config['**csrf_exclude_uris**'] = array(

-- deviceProcess : Controller

--- pushData : Method

----- URL : http://hostname/index.php/device/deviceProcess/pushData

CKFinder File Browser (CKEditor plugin) and CodeIgniter, I've succesfully integrated the CKEditor WYSIWYG and the CKFinder plugin to upload local contents to the server. The problem is that the  When set to TRUE, token will be | checked on a submitted form. If you are accepting user data, it is strongly | recommended CSRF protection be enabled. | | 'csrf_token_name' = The token name | 'csrf_cookie_name' = The cookie name | 'csrf_expire' = The number in seconds the token should expire.

codeigniter: Codeigniter и Ckfinder csrf_exclude_uris, У меня проблема с Codeigniter 3 и CKfinder касается защиты CSRF. Если я использую ниже в моем файле конфигурации Codeigniter  I wanna load CKEditor in CodeIgniter,I search a lot,but can't understand their way. I placed ckeditor in application/plugins folder and now I wanna make editor ,so I do following in Controller Method.

Вопросы про ckfinder и лучшие ответы, Codeigniter и Ckfinder csrf_exclude_uris · codeignitercsrfckfinder. добавлено 06 Июнь 2017 в 03:56 автор user3507560, Информационные технологии  CKFinder is a powerful Ajax file manager for web browsers which offers: drag-and-drop support, multiple file uploads, multi-language support, quality image thumbnails, a powerful ACL system and support for user roles. Supported languages: ASP, ASP.NET, ColdFusion, Java and PHP.

« first day (444 days earlier) ← previous day next day → last day (749 days later) »

  • you need to find a way to send csrf token along with all ajax and also update csrf token on html side after ajax response.
  • you should mention all URI which should not check for csrf. What URL it shows in network tab of browser debug console ? it will help you to decide proper URI.
  • The CKFinder $post varies depending on the action. One example is: /assets/plugins/ckfinder/core/connector/php/connector.php?command=DeleteFiles&lang=en&type=Images&currentFolder=%2F&hash=91aa280181912a4c - I need to be able to exclude: /assets/plugins/ckfinder/core/connector/php/* but I'm not sure how I do this?
  • try $config['csrf_exclude_uris'] = ['assets/plugins/ckfinder/.*?'];
  • thank you - but that didn't work