
Codeigniter and Ckfinder csrf_exclude_uris


I'm having an issue with Codeigniter 3 and CKFinder regarding the CSRF protection.

If I use the below in my Codeigniter config file, CKFinder image upload works fine:

$config['csrf_protection'] = FALSE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();

If I change this to $config['csrf_protection'] = TRUE; CKFinder image uploads fail.

What I need is to be able to exclude CKFinder from falling under the CSRF protection. I've tried the below but nothing seems to work:

$config['csrf_exclude_uris'] = array('assets/plugins/ckfinder/.*+', 'assets/plugins/ckfinder/ckfinder.js', 'assets/plugins/ckfinder', 'admin/news/.*+');

Any pointers would be appreciated


Solution

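  • # It works fine #
    $config['csrf_protection'] = TRUE;
    if(isset($_SERVER["PHP_SELF"])){
      // Split the script path into its segments
      $parts = explode("/",$_SERVER["PHP_SELF"]);
      // Segments for which CSRF protection is switched off
      $exclude_url_arr = array('login');
      if (!empty($exclude_url_arr[0])) {
        foreach($parts as $part) {
          // Any single matching segment disables CSRF checking for this request
          if (in_array($part,$exclude_url_arr)) {
              $config['csrf_protection'] = FALSE;
              break;
          }
        }
      }
    }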
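
Added example (not part of the original question or answer): a comparison of how widely the segment test in the answer above switches CSRF checking off versus an anchored pattern of the kind `csrf_exclude_uris` takes. It assumes CodeIgniter 3 tests each entry as an anchored, case-insensitive regex against the request's URI string; the helper names and sample URIs are constructed for illustration.

```php
<?php
// Added example, not CodeIgniter's or the answerer's code.
// Assumption: CodeIgniter 3 tests each csrf_exclude_uris entry as an anchored,
// case-insensitive regex against the URI string (no leading slash).

// Hypothetical helper: anchored match in the style of csrf_exclude_uris.
function excluded_by_pattern(string $uri, array $patterns): bool
{
    foreach ($patterns as $pattern) {
        if (preg_match('#^' . $pattern . '$#i', $uri) === 1) {
            return true;
        }
    }
    return false;
}

// Hypothetical helper: the segment test from the answer above, applied to a path.
function excluded_by_segment(string $path, array $segments): bool
{
    foreach (explode('/', $path) as $part) {
        if (in_array($part, $segments)) {
            return true;
        }
    }
    return false;
}

// Constructed sample URIs; only the first is meant to be exempt from CSRF checks.
$uris = array('login', 'admin/news/login', 'admin/news/add');

// "off" means the CSRF check would be skipped for that request.
foreach ($uris as $uri) {
    printf(
        "%-18s pattern=%-3s segment=%s\n",
        $uri,
        excluded_by_pattern($uri, array('login')) ? 'off' : 'on',
        excluded_by_segment('/index.php/' . $uri, array('login')) ? 'off' : 'on'
    );
}
```

For `admin/news/login` the anchored pattern keeps the check on while the segment test turns it off, so an exemption keyed on a single segment covers every route that contains that segment.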