0

I am building a site with codeigniter and CSRF is set to true and is working perfectly. I have overidden CSRF to switch it off on one form just to cater for the particular details of that complicated example. However, the login form (with public access) has CSRF enabled and I do not want to override the CSRF for that form for obvious reasons.

The problem is that when I try to access the login form without the www in the domain (and this is not 'normal' or wanted but people do type in URL's without the www so I thought I should cover it), the form appears like normal, but the CSRF kicks in and denies access when the form is submitted.

I am not using any .htaccess files for the public pages, want to keep using the CSRF, but do not want users have problems if they happen to type in the url without the www.

Does anyone have any suggestions about what I can do about this?

Thank you in advance,

Paul

4

1 回答 1

1

无论您正在制作什么网站,允许两者site.com同时www.site.com存在通常是一种非常糟糕的 SEO 做法,因为它们被视为两个不同的网站,并且带有某些重复内容的惩罚等。

我建议坚持使用一个(没有 www使用 www)并据此优化您的 CSRF。它使用起来相当简单,您只需将永久重定向规则放在您的 .htaccess 中,例如看这个。

于 2013-05-10T13:13:46.010 回答