CodeIgniter CSRF (PHP)

CI provides CSRF token verification as its defence against CSRF attacks.
1. Enable it in the configuration file config.php

$config['csrf_protection'] = TRUE;                 // turn the CSRF check on
$config['csrf_token_name'] = 'csrf_test_name';     // name of the POST field that carries the token
$config['csrf_cookie_name'] = 'csrf_cookie_name';  // name of the cookie the POST field is compared against
$config['csrf_expire'] = 7200;                     // token lifetime in seconds
$config['csrf_regenerate'] = TRUE;                 // issue a fresh token on every request
$config['csrf_exclude_uris'] = array();            // URIs (regular expressions allowed) that skip the check, e.g. webhook endpoints

2. Usage is just as simple

// Backend: generate the token (the Security class is a core class, so it is available in every controller)
$csrf = array(
        'name' => $this->security->get_csrf_token_name(),
        'hash' => $this->security->get_csrf_hash()
);

...

// Frontend: retrieve the token (pass $csrf to the view and emit it as a hidden input whose name is $csrf['name'] and whose value is $csrf['hash'])

Or use the form_open() function from the form helper (loaded with $this->load->helper('form'))


// form_open() appends the hidden CSRF field automatically when csrf_protection is enabled
form_open('', array('class'=>'form-horizontal','id' => 'loginForm'));

3. Verification is performed in the system/core/Input class (in its constructor, before any controller runs)

// CSRF Protection check
if ($this->_enable_csrf === TRUE && ! is_cli())
{
	$this->security->csrf_verify();
}

So it simply hands off to the Security class: csrf_verify() compares the token in the POST field with the value in the CSRF cookie (a double-submit cookie check) and aborts the request with a 403 error if they do not match. Only POST requests are checked; for any other method csrf_verify() just (re)sets the cookie, so state-changing actions must be POST for the protection to apply.

官网资料:https://codeigniter.com/user_guide/libraries/security.html?highlight=csrf#CI_Security::get_csrf_hash
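The three steps above put together into a working CI 3 login flow, as an added example that is not code from the original post. The controller name Login, the view file login_form.php, the route login/submit and the JSON response shape are assumptions made for the illustration; the Security, form-helper and Input calls are the CI 3 ones the post refers to.

```php
<?php
// application/controllers/Login.php  (hypothetical controller, added example)
defined('BASEPATH') OR exit('No direct script access allowed');

class Login extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper(array('form', 'url'));
    }

    // GET /login : render the form. Security is a core class, so the token
    // is already available here when csrf_protection is enabled.
    public function index()
    {
        $data['csrf'] = array(
            'name' => $this->security->get_csrf_token_name(),
            'hash' => $this->security->get_csrf_hash(),
        );
        $this->load->view('login_form', $data);
    }

    // POST /login/submit : by the time this runs, CI_Input has already called
    // Security::csrf_verify(); a missing or mismatched token never gets here
    // (CI answers with its 403 "action not allowed" error page instead).
    public function submit()
    {
        $username = $this->input->post('username', TRUE);
        // ... authenticate $username / $this->input->post('password') here ...
        $this->output->set_content_type('application/json')
                     ->set_output(json_encode(array(
                         'ok'   => TRUE,
                         'user' => $username,
                         // with csrf_regenerate = TRUE the token just changed;
                         // hand the client the new one for its next POST
                         'csrf' => array(
                             'name' => $this->security->get_csrf_token_name(),
                             'hash' => $this->security->get_csrf_hash(),
                         ),
                     )));
    }
}
?>

<?php // application/views/login_form.php  (hypothetical view, added example) ?>
<!-- form_open() emits the hidden CSRF field by itself -->
<?php echo form_open('login/submit', array('class' => 'form-horizontal', 'id' => 'loginForm')); ?>
    <input type="text" name="username">
    <input type="password" name="password">
    <button type="submit">Login</button>
<?php echo form_close(); ?>

<!-- A hand-written form: the same hidden field, built from $csrf -->
<form method="post" action="<?php echo site_url('login/submit'); ?>" id="manualForm">
    <?php echo form_hidden($csrf['name'], $csrf['hash']); ?>
    <input type="text" name="username">
    <input type="password" name="password">
    <button type="submit">Login</button>
</form>

<script>
// AJAX: CI 3 reads the token from the POST body (not from a header),
// so it is sent as an ordinary form field alongside the credentials.
var csrfName = <?php echo json_encode($csrf['name']); ?>;
var csrfHash = <?php echo json_encode($csrf['hash']); ?>;

function postLogin(username, password) {
    var body = new URLSearchParams({username: username, password: password});
    body.set(csrfName, csrfHash);
    return fetch('<?php echo site_url('login/submit'); ?>', {
        method: 'POST',
        credentials: 'same-origin',   // the CSRF cookie must accompany the request
        body: body
    }).then(function (r) { return r.json(); })
      .then(function (resp) {
          // csrf_regenerate = TRUE: every POST issues a new token, so keep the
          // one the server returned or the next AJAX POST will be rejected.
          csrfHash = resp.csrf.hash;
          return resp;
      });
}
</script>
```

The regenerated-token handling in the script is the part most often missed: with csrf_regenerate set to TRUE, two AJAX requests fired with the same token, or a form left open in a second tab, will fail the check, because only the latest cookie value is accepted.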
