CodeIgniter CSRF + Ajax

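Just discovered an issue while trying to post data to a controller in CodeIgniter with Ajax. If you have CSRF protection enabled in your config.php, the Security class checks each POST request for the CSRF token, so an Ajax post that does not send the token is rejected.

A quick and easy solution is to turn off CSRF protection in your config.php for that controller by checking the REQUEST_URI, like so. The check is a case-insensitive substring match, so the token check is off for every request whose URI contains /controller: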

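// Keep CSRF protection on unless the request URI contains '/controller'
// (stripos() is a case-insensitive substring search).
if (stripos($_SERVER['REQUEST_URI'], '/controller') === FALSE) {
  $config['csrf_protection'] = TRUE;
} else {
  // Requests to the matching URIs are no longer checked for a CSRF token.
  $config['csrf_protection'] = FALSE;
}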

Hope this helps someone.

Alex Ho

Alex is the Lead Developer at NYCEDC working as a front-end/back-end developer and sysadmin. He has a Graphic Design certification from NYU and is a UX practitioner.