CODEWITHSUNDEEP
phpcodeigniterrest
vikingshore
vikingshore

Reputation: 175

codeigniter rest server POST "not allowed", but GET works fine

I am using codeigniter-restserver by Phil Sturgeon,

https://github.com/chriskacerguis/codeigniter-restserver

here is an problem I encountered:

When I do PUT request, everything works, but when I do POST, I got "500 Internal Server Error"

<div id="container">
  <h1>An Error Was Encountered</h1>
  <p>The action you have requested is not allowed.</p>
</div>

my code is the following:

function test_post()
{
    $this->response('ok', 200); // 200 being the HTTP response code
}

function test_get()
{
    $this->response('ok', 200); // 200 being the HTTP response code
}

the working GET handelling can be found in the following URL

https://manage.pineconetassel.com/index.php/api/example/test/

NOTE that I allowed https only.

I used hurl.it to test the POST method, and it does not work.

here is the rest.php config:

$config['force_https'] = TRUE;
$config['rest_default_format'] = 'json';
$config['rest_status_field_name'] = 'status';
$config['rest_message_field_name'] = 'error';
$config['enable_emulate_request'] = TRUE;
$config['rest_realm'] = 'REST API';
$config['rest_auth'] = false;
$config['auth_source'] = 'ldap';
$config['auth_library_class'] = '';
$config['auth_library_function'] = '';
$config['rest_valid_logins'] = array('admin' => '1234');
$config['rest_ip_whitelist_enabled'] = false;
$config['rest_ip_whitelist'] = '';
$config['rest_ip_blacklist_enabled'] = false;
$config['rest_ip_blacklist'] = '';
$config['rest_database_group'] = 'default';
$config['rest_keys_table'] = 'keys';
$config['rest_enable_keys'] = FALSE;
$config['rest_key_column'] = 'key';
$config['rest_key_length'] = 40;
$config['rest_key_name'] = 'X-API-KEY';
$config['rest_logs_table'] = 'logs';
$config['rest_enable_logging'] = FALSE;
$config['rest_access_table'] = 'access';
$config['rest_enable_access'] = FALSE;
$config['rest_logs_json_params'] = FALSE;
$config['rest_limits_table'] = 'limits';
$config['rest_enable_limits'] = FALSE;
$config['rest_ignore_http_accept'] = FALSE;
$config['rest_ajax_only'] = FALSE;

Did I do something wrong or use a wrong way to test the POST or I need to configure something?

Upvotes: 3

Views: 5834

Answers (2)

fsevenm
fsevenm

Reputation: 959

The accepted answer is right. But if you don't want to disable $config['csrf_protection'] in case you need it for web form, you need to exclude the REST API URIs, for example, your REST url starts with /api/, simply set

$config['csrf_exclude_uris'] = array(
   'api/[a-z0-9/_-]+'
);

It is also under config/config.php. I use regular expression to make it simple.

Upvotes: 3

Niebieski
Niebieski

Reputation: 609

set $config['csrf_protection'] = FALSE; in config/config.php

Note it is not uder config/rest.php

Upvotes: 6

Related Questions