codeigniter CSRF error: "The action you have requested is not allowed."

Just Include this in your form and everything will be fine then.

<input type="hidden" name="<?php echo $this->security->get_csrf_token_name();?>" value="<?php echo $this->security->get_csrf_hash();?>">

The problem solved by this Solution:

set $config['cookie_secure'] in config file to FALSE if you're using HTTP.


The easiest one for me was to whitelist the URI as explained in CodeIgniter User Guide (here)

Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the ‘csrf_exclude_uris’ config parameter:

$config['csrf_exclude_uris'] = array('api/person/add');