Error In Login Due To Lack Of CSRF Token
I am creating a web app as well as android application. For website i am using code igniter in which i have enabled as:
$config['csrf_protection']=TRUE;
now when a user tries to login from android application (which also uses that login) android can't query the server since android app does not have a csrf token. I don't want to remove csrf protection. is there another way to solve this?
Answer
When csrf protection is on in codeigniter, codeigniter check every form submission if there was any value of crsf hash key with the name of csrf token, so you have to submit every form with the csrf data.
Make a function like
csrf_details(){
$csrf = array(
'name' => $this->security->get_csrf_token_name(),
'hash' => $this->security->get_csrf_hash()
);
echo json_encode($csrf);
}
get those details with curl or something like that on android by below link http://domain.name/controller/csrf_details
put the value in a variable
$details = file_get_contents(http://domain.name/controller/csrf_details);
make form like this
<input type="hidden" name="<?php echo $details['name']?>" value="<?php echo $details['hash']?>"/>
when you gonna submit this form this hash value will be submitted with the formdata as csrf token
Related Questions
- → should I choose reactjs+f7 or f7+vue.js?
- → Phonegap Android write to sd card
- → Local reference jquery script in nanohttpd (Android)
- → Click to navigate on mobile devices
- → How to allow api access to android or ios app only(laravel)?
- → Access the Camera and CameraRoll on Android using React Native?
- → React native change listening port
- → What is the default unit of style in React Native?
- → Google play market autocomplete icon
- → Warning: Each child in an array or iterator should have a unique "key" prop. Check the render method of `ListView`
- → Using Laravel with Genymotion
- → react native using like web-based ajax function
- → react native pdf View