You can enable protection by editing config.php file and setting it to
To enable CSRF make the following statement TRUE from FALSE in application/config/config.php file.
$config[‘csrf_protection’] = TRUE;
In CodeIgniter, CSRF (Cross-Site Request Forgery) protection can be enabled by following these steps:
- Enable CSRF Protection in Config File: Ensure that CSRF protection is enabled in the
config.phpfile located inapplication/configdirectory. Set the$config['csrf_protection']variable toTRUE.
php
$config['csrf_protection'] = TRUE;
- Add CSRF Token to Forms: In your HTML forms, include the CSRF token as a hidden input field. You can generate the token using the
csrf_token()function provided by CodeIgniter.
php
<input type="hidden" name="<?= csrf_token(); ?>" value="<?= csrf_hash(); ?>">
- Validate CSRF Token: In your controller methods that handle form submissions, validate the CSRF token to ensure that the request is legitimate. You can do this using the
csrf_verify()function provided by CodeIgniter.
php
if ($this->input->method() === 'post') {
if (!csrf_verify()) {
// CSRF token validation failed, handle appropriately (e.g., show an error message or redirect)
} else {
// CSRF token validation passed, process the form data
}
}
By following these steps, you can effectively enable CSRF protection in CodeIgniter to mitigate against CSRF attacks.