{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Explosion°爆炸 的问题《Disable CSRF validation for individual actions in》','https://www.manongdao.com/q-1170054.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Is there a way to disable CSRF validation for some actions of the controller keeping it enabled for the other ones?
In my case I have several configurable Action classes, that are intended to be injected into controllers. I can't pass csrf validation token into the AJAX request because the thing I'm working with is external (made not by me) WYSIWYG plugin at the frontend. Yes, I can still disable csrf validation of the whole controller using these actions, but it may be insecure.
For the specific controller / actions you can disable CSRF validation like so:
Or inside a controller:
Take a look at $enableCsrfValidation property of yii\web\Controller.
Update:
Here is some specification.
If you want to disable CSRF validation for individual action(s) you need to do it in
beforeActionevent handler because CSRF token is checked before action runs (inbeforeActionofyii\web\Controller).Official docs:
Put this inside your controller, just replace index with whatever action you want to disable
csrfon.For me this is what worked
i have tried this and it worked .
Go to the specific controller and write this at the top.