If you are trying to execute a POST request using REST API on CodeIgniter, and stoked with Page Error 500, or Request Page Not Found error,
An Error Was Encountered The action you have requested is not allowed.Then, please check for CSRF Protection check on application/config/config.php file > Line No below. 340 If you are already using the CSRF Security or already enabled, then add the following code just below 'csrf_expire' line.
/** Start of CSRF Skip for APIs Request
*
* If the REQUEST_URI has method is POST and requesting the API url,
* then skip CSRF check, otherwise don't do.
*/
if (isset($_SERVER["REQUEST_URI"]) &&
(isset($_SERVER['REQUEST_METHOD']) && ($_SERVER['REQUEST_METHOD'] == 'POST') ))
{
if ( stripos($_SERVER["REQUEST_URI"], '/api/') === false )
{
// If POST request is not for api request, Apply CSRF True
$config['csrf_protection'] = TRUE;
}
else {
// If POST request is for API, Skip CSRF Check
$config['csrf_protection'] = FALSE;
}
}
/** End of CSRF Skip for APIs Request */
I think better to allow API URL in config file.
ReplyDelete