CodeIgniter CSRF and localhost

Posted 2024-11-04 03:23:14 | Word count: 963 | Views: 0 | Comments: 0

I am currently working locally (myhostname.local) to begin a development project in CodeIgniter and am trying to do a simple login form submission and the CSRF protection is not working. I get the error:

An Error Was Encountered
The action you have requested is not allowed.

A couple of things to note:

  1. I am using CI Reactor 2.0.2
  2. I am running everything from a local host (myhostname.local)

My form:

<?=form_open('home/login');?>
... username/password fields in here ...
<?=form_close();?>

My controller:

public function login()
{

    $this->form_validation->set_rules('email','Email','trim|required');
    $this->form_validation->set_rules('password','Password','required');

    if($this->form_validation->run() === FALSE)
    {
        // ... form did not pass validation ...
    }
    else
    {
        // ... form passed ...
    }

}

When I submit the form to http://myhostname.local/home/login I get the above error.

Any help on why this is happening is much appreciated.

Thanks!
Sean

Comments (3)

櫻之舞 2024-11-11 03:23:14

It appears that setting values in the config.php file for cookies has a big impact.
Once I set these back to defaults everything started working correctly again:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']    = "/";
$config['cookie_secure']    = FALSE;

憧憬巴黎街头的黎明 2024-11-11 03:23:14

I have encountered a similar issue; I keep getting the "The action you have requested is not allowed." error message when I am trying to submit my login form. I am working locally with a virtual Linux box. It turned out that my problem had something to do with the date time setup on the virtual machine. Once I update the date to match my host machine's date time, the problem disappears.

I am using CodeIgniter v. 2.1.0.

Here are parts of my config.php file:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']      = "/";
$config['cookie_secure']    = FALSE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'my_csrf_token';
$config['csrf_cookie_name'] = 'mycsrf';
$config['csrf_expire'] = 7200;

I hope this info helps someone experiencing a similar issue.
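
The cookie settings and the clock problem described in the two answers above can both be checked against standard browser cookie rules. The following PHP script is an added example, not part of the original thread or of CodeIgniter's own code; the function name `csrf_cookie_problems`, the sample config values, and the premise that the CSRF cookie's expiry is the server's `time()` plus `csrf_expire` are assumptions. It does not model the `cookie_prefix` case.

```php
<?php
// Added example: reasons a browser may drop or withhold the CSRF cookie,
// which leaves the POST without a cookie to compare against the hidden field.
// Assumption: the cookie is set with Expires = server time() + csrf_expire,
// and its Domain/Secure attributes come from the cookie_* config values.

function csrf_cookie_problems(array $config, string $url, int $serverNow, int $browserNow): array
{
    $problems = [];
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $host   = strtolower((string) parse_url($url, PHP_URL_HOST));

    // Per RFC 6265, a Secure cookie is only sent over a secure channel.
    if ($config['cookie_secure'] === TRUE && $scheme !== 'https') {
        $problems[] = 'cookie_secure is TRUE but the form is served over http';
    }

    // A Domain attribute must equal the request host or be a parent domain of it.
    $domain = strtolower(ltrim($config['cookie_domain'], '.'));
    if ($domain !== '' && $host !== $domain
        && substr($host, -strlen('.' . $domain)) !== '.' . $domain) {
        $problems[] = "cookie_domain '$domain' does not match host '$host'";
    }

    // Expires is computed from the server clock but judged by the browser clock.
    $expires = $serverNow + (int) $config['csrf_expire'];
    if ($expires <= $browserNow) {
        $problems[] = 'cookie is already expired on arrival: server clock is '
            . ($browserNow - $serverNow) . 's behind the browser';
    }
    return $problems;
}

// Constructed sample data (not from the thread): a VM clock 3 hours behind its host.
$config = [
    'cookie_domain' => '.example.com',
    'cookie_secure' => TRUE,
    'csrf_expire'   => 7200,
];
$browserNow = time();
$serverNow  = $browserNow - 3 * 3600;

$url = 'http://myhostname.local/home/login';
foreach (csrf_cookie_problems($config, $url, $serverNow, $browserNow) as $problem) {
    echo "- $problem\n";
}
```

With the default values from the first answer (`cookie_domain` empty, `cookie_secure` FALSE) and matching clocks, the function returns an empty array.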

深白境迁sunset 2024-11-11 03:23:14

Running CI 2.1.0 on a localhost setup with MAMP.

Installation of CI is brand new, with no extras. Simply following along the 'Tutorial' in the User Guide, and came across the same error after creating my first form, and enabling CSRF in the configs.

The 'form_open()' is used to open the form. The hidden field is being created. The error appears every time: "the action you have requested is not allowed".

After playing around with the cookie config options in config.php, as suggested here, I found that in my case the culprit seems to be the 'cookie_prefix' config. It must be left BLANK, otherwise it causes this error. Once it is left blank, everything works.

I hope this may prove useful to others.
