Why doesn't "csrf_protection" work on a clean ExpressionEngine install?

So I installed EE for the very first time. Copied the files, created the DB and user, ran the installation, and everything worked great.

Next, I go into my config file and set:

$config['csrf_protection'] = TRUE;

That’s all it takes… now I can’t log into the Control Panel! I get the “The action you have requested is not allowed.”

What am I doing wrong!?

Solution

Why are you trying to set that in your config file? I'm pretty sure csrf_protecton is a CodeIgniter setting and not properly supported by EE. EE has other built in security measures to avoid CSRF attacks.

How can I manipulate a form / inputs to be ignored when a form is submitted
ExpressionEngine Channel not appearing in select list on entry
ExpressionEngine comments import to Disqus
Codeigniter Database Forge with multiple DB connections
Expressionengine prev next display only 1 category
file_exists(): Unable to find the wrapper "sftp" - did you forget to enable it when you configured PHP?
Is there an easy way to tell if a site is running expression engine?
Best way to recieve a webhook and send back http response with status code on ExpressionEngine (version 5.4)
Passing entry_ids to channel:entries tag with low variables entries select
getElementById that have existing ids which are created dynamically
Adding Javascript file into Expression Engine
Expression engine showing garbage content while using PHP
ExpressionEngine Custom Control Panel tab not working
sql query to convert new line character to a html <br>
ExpressionEngine content based on url segment
Quickest way to get Expression Engine v 2.5.5 working with PHP7
How do I remove/fix that Expressionengine adds "index.php" in urls of template groups that has nothing to do with the index page
Elements in array (when reproduced from a dictionary value) are reversed
ExpressionEngine 5 - Cookie Consent Solutions
Case Sensitive URL's - Can this be avoided?
What are the some best ways to secure expressionengine?
Can't increase MAMP php memory limit
EE 5.x - How to suppress login/logout confirmation page
photoswipe slideshow doesnt show using jquery mobile and expression engine
How to increase limit of 'decimal' field in expressionengine
ExpressionEngine transferring variable for title name
Issue with Bootstrap datetimepicker and ExpressionEngine channel form template tag
Unable to Remove index.php on ExpressionEngine WAMP Installation
Vimeo embed on webpage causes an error
ajax form submission with second form submission if successful