我的网站工作得很好,没有问题,然后突然间我收到错误“遇到错误 - 在每个表单提交时都不允许你请求的操作”。
我正在使用带有SSL的Codeigniter 3并且我已启用CSRF保护。我最近没有改变任何东西所以我不知道为什么我的网站停止工作。如果我关闭CSRF,表单提交工作正常。
设置
$config['base_url'] = 'https://www.mywebsite.com';
$config['index_page'] = '';
$config['cookie_prefix'] = '';
$config['cookie_domain'] = '.mywebsite.com';
$config['cookie_path'] = '/';
$config['cookie_secure'] = FALSE;
$config['cookie_httponly'] = FALSE;
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'msmm_tn';
$config['csrf_cookie_name'] = 'msmm_cn';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();
形成
<form action="https://www.mywebsite.com/" class="navbar-form navbar-left" id="search" method="post" accept-charset="utf-8">
<input type="hidden" name="msmm_tn" value="caeea1bc65c09f29691a1a692e09a30a" style="display:none;" />
<input type="hidden" name="token" value="ada2832a" style="display:none;" />
<input type="hidden" name="date-search-form" id="date-search-form" value="X">
<div class="form-group">
<input type="date" class="form-control input-md" name="from_date" id="from_date" value="2017-08-15" />
</div>
<div class="form-group">
<input type="date" class="form-control input-md" name="to_date" id="to_date" value="2017-08-16" />
</div>
<div class="form-group">
<input type="search" class="form-control input-md" name="search_text" id="search_text" placeholder="Search" value="">
</div>
<div class="form-group">
<button type="submit" class="btn btn-default btn-sm" name="go" id="go"><i class="fa fa-search" aria-hidden="true"></i>
</button>
</div>
</form>
</div>
服务器端表单代码:
<?php
$attributes = array('class' => 'form-horizontal', 'id' => 'signup');
echo form_open('', $attributes);
?>
<?php
if( isset( $login_error_mesg ) )
{
echo '<div class="alert alert-danger input_bump" role="alert">';
echo 'Invalid Username, Email Address, or Password.<br>Username, email address and password are all case sensitive.';
echo '</div>';
}
if( $this->input->get('logout') )
{
echo '<div class="alert alert-success input_bump text-center" role="alert"><p>You have successfully logged out.</p></div>';
}
?>
<div class="form-group form-padding">
<label class="form-label" for="login_name">User Name or Email</label>
<input type="text" class="form-control form-fixer input-md" name="login_string" id="login_string" value="<?php echo $this->input->post('login_string'); ?>">
</div>
<div class="form-group form-padding">
<label class="form-label" for="pwd">Password</label>
<input type="password" class="form-control input-md" id="login_pass" name="login_pass" maxlength="<?php echo config_item('max_chars_for_password'); ?>" autocomplete="off" />
</div>
<div class="input_bump">
<?php
$link_protocol = USE_SSL ? 'https' : NULL;
?>
<p>
<a href="<?php echo site_url('recover', $link_protocol); ?>">Can't access your account?</a>
</p>
</div>
<div class="form-group form-padding">
<button type="submit" class="btn btn-success btn-full">Sign In</button>
</div>
<?php echo form_close(); ?>
只需添加Controller uri:
$config['csrf_exclude_uris'] = array();
//e.g. $config['csrf_exclude_uris'] = array('register/add_member');
register是你的控制者,add_member是方法。