What is CSRF protection in CodeIgniter 4?
Answer
CodeIgniter 4 provides built-in CSRF protection via the Security filter. Enable in app/Config/Security.php: $csrfProtection = "cookie" (or "session"). Apply the Security filter globally in app/Config/Filters.php or per route. In HTML forms, include the CSRF field: <?= csrf_field() ?> — generates a hidden input with the token. Or manually: <input type="hidden" name="<?= csrf_token() ?>" value="<?= csrf_hash() ?>">. For AJAX requests, include the token in headers or request body. If validation fails, a 403 response is returned. Exclude specific routes from CSRF: add them to the $except array in the Security configuration (useful for webhook endpoints that receive external POST requests).
Previous
What is the Email library in CodeIgniter 4?
Next
What is the File Upload class in CodeIgniter 4?