How to remove csrf in yii framework

Yii framework method to remove csrf: 1. Turn off csrf through the "init" method; 2. Add a hidden field to the form; 3. Add the "_csrf" field to AJAX.

YII How to turn off csrf

The first solution is to turn off Csrf

public function init(){
    $this->enableCsrfValidation = false;
}

The second solution is to add a hidden field to the form

<input name="_csrf" type="hidden" id="_csrf" value="<?= Yii::$app->request->csrfToken ?>">

The third solution is to add the _csrf field to AJAX

var csrfToken = $('meta[name="csrf-token"]').attr("content");
$.ajax({
  type: 'POST',
  url: url,
  data: {_csrf:csrfToken},
  success: success,
  dataType: dataType
});

Note: If your page does not have a form, There is no problem with ajax post submission. Using ajax post submission will automatically generate _csrf

If the page has a form, especially a file, ajax post is not possible and you must use get.

Recommended: "yii tutorial"

The above is the detailed content of How to remove csrf in yii framework. For more information, please follow other related articles on the PHP Chinese website!