Home  >  Article  >  PHP Framework  >  How to remove csrf in yii framework

How to remove csrf in yii framework

藏色散人
藏色散人Original
2020-07-18 17:16:352937browse

Yii framework method to remove csrf: 1. Turn off csrf through the "init" method; 2. Add a hidden field to the form; 3. Add the "_csrf" field to AJAX.

How to remove csrf in yii framework

YII How to turn off csrf

The first solution is to turn off Csrf

public function init(){
    $this->enableCsrfValidation = false;
}

The second solution is to add a hidden field to the form

<input name="_csrf" type="hidden" id="_csrf" value="<?= Yii::$app->request->csrfToken ?>">

The third solution is to add the _csrf field to AJAX

var csrfToken = $(&#39;meta[name="csrf-token"]&#39;).attr("content");
$.ajax({
  type: &#39;POST&#39;,
  url: url,
  data: {_csrf:csrfToken},
  success: success,
  dataType: dataType
});

Note: If your page does not have a form, There is no problem with ajax post submission. Using ajax post submission will automatically generate _csrf

If the page has a form, especially a file, ajax post is not possible and you must use get.

Recommended: "yii tutorial"

The above is the detailed content of How to remove csrf in yii framework. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn