Working With Forms

Daedelix PSA has CSRF protection enabled by default. Users are able to disable this protection, but you must make sure that your module forms work correctly when CSRF protection is enabled.

To become more familiar with how this works, visit this link:

https://codeigniter.com/userguide3/general/security.html?highlight=csrf#csrf-protection

More information about CSRF can be found here:
https://en.wikipedia.org/wiki/Cross-site_request_forgery

HTML Forms

You must open forms with the CodeIgniter form helper function so that the function generates the CSRF form token.

All Daedelix PSA forms that come with the installation use the form_open() function to open a form element.

Below is an example form that uses form_open().

<?php echo form_open(admin_url('departments/department')); ?>
<!-- Your form input fields go here -->
<?php echo form_close(); ?>

AJAX Request

Daedelix PSA comes with jQuery in both the clients and customers areas. If you are submitting a form via an AJAX request and you are using the jQuery helper functions, e.g. $.post or $.ajax, you won’t need to perform any additional actions because the CSRF keys are already configured.

However, if you are using any external library for requests, you must include the CSRF key manually.
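One way to include the token manually when using fetch or another request library, as an added example that is not Daedelix PSA code. It assumes the stock CodeIgniter 3 CSRF check described in the guide linked above, and that your view prints the token name and hash into two meta tags with the hypothetical names csrf-name and csrf-hash.

```javascript
// Added example, not Daedelix PSA code. Assumption: your view exposes the
// CodeIgniter 3 token, e.g. via $this->security->get_csrf_token_name() and
// $this->security->get_csrf_hash(), in two <meta> tags with the hypothetical
// names "csrf-name" and "csrf-hash".
function readCsrf(doc) {
  const meta = (name) => {
    const el = doc.querySelector(`meta[name="${name}"]`);
    return el ? el.getAttribute('content') : '';
  };
  return { name: meta('csrf-name'), hash: meta('csrf-hash') };
}

// Build a same-origin, form-encoded POST carrying the token as a normal field.
// CodeIgniter 3 compares a POST field with the CSRF cookie, so a JSON body
// would not carry the token where the framework looks for it.
function buildCsrfRequest(url, fields, csrf, pageOrigin) {
  if (!csrf || !csrf.name || !csrf.hash) {
    throw new Error('CSRF token missing from page');
  }
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) {
    // Never attach the token to a request leaving the application origin.
    throw new Error('Refusing to send CSRF token to ' + target.origin);
  }
  const body = new URLSearchParams(fields);
  body.set(csrf.name, csrf.hash); // overrides any caller-supplied value
  return {
    url: target.href,
    init: {
      method: 'POST',
      credentials: 'same-origin', // session and CSRF cookies travel with it
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Usage in the browser with fetch (or hand url/init to another library).
async function csrfPost(url, fields, doc = document, origin = location.origin) {
  const req = buildCsrfRequest(url, fields, readCsrf(doc), origin);
  const res = await fetch(req.url, req.init);
  if (!res.ok) throw new Error('Request failed: HTTP ' + res.status);
  return res;
}
```

If csrf_regenerate is enabled in the CodeIgniter configuration, the hash changes after each POST, so the value rendered into the page is only good for one submission and must be refreshed before the next request.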

Exclude URL from CSRF (>= v2.9.0)

If a module needs to exclude a URL from CSRF protection, you can do so by creating the configuration file [MODULE_NAME]/config/csrf_exclude_uris.php

The file must return an array of excluded URIs.

<?php

// URIs listed here are not checked for a CSRF token.
return [
  'mypos/webhook',
  'api/other-uri',
  // ...etc
];

Note that you can also use regex matching in the URIs; read more in the CodeIgniter guides.
