How to handle CSRF Validation in Yii2 Framework?

2020-02-08 14:36发布

I'm having problem with CSRF Validation in yii2. The validation works fine with the default form generated by the gii but when I edit the form with html tags then the form submission throws a bad request error. I have disabled csrf validation to hide the error but I want to use this for the security of the application and data validation.

Is there any way of solving this error or is there a way of configuring it to work correctly in this scenario?

标签： php csrf yii2

2条回答

祖国的老花朵

2楼-- · 2020-02-08 15:06

Try this

<?=yii\helpers\Html::hiddenInput(Yii::$app->request->csrfParam, Yii::$app->request->csrfToken)?>

0人赞添加讨论(0) 举报

不美不萌又怎样

3楼-- · 2020-02-08 15:10

I guess, your html form doesn't have hidden _csrf field, which is automatically generated by standard Yii2 widgets.

So the minimum code of your custom form might be like this:

<form method="post">
    <input type="hidden" name="<?= Yii::$app->request->csrfParam; ?>" value="<?= Yii::$app->request->csrfToken; ?>" />
    <button type="submit"> Save </button>
</form>

0人赞添加讨论(0) 举报

How to handle CSRF Validation in Yii2 Framework?

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间