I'm working with codeigniter-paypal-ipn and have csrf_protection enabled. This seems to block the access from Paypal to my IPN controller. If i disable csrf_protection it works just fine, with csrf_protection enabled, paypal IPN service throws a 500 Internal Server Error.
Is there a way to solve this without disabling the csrf_protection? If not, can i disable the csrf_protection just for that controller?
Thanks.
Alex the creator of codeigniter-paypal-ipn here. At the moment I'm not aware of a way to get the IPN post working with csrf_protection enabled. If you look at how another language/framework does it, e.g. django-paypal IPN - they add a CSRF exemption to the specific IPN controller.
As imm says, this type of fine-grained control won't be available in CodeIgniter till a version with this pull request is merged (if you can't wait, try caseyamcl's approach below as it doesn't involve hacking CI core...)
I've updated my project's README to make the CSRF situation clearer.