Home > Article > PHP Framework > How to remove csrf in yii framework
Yii framework method to remove csrf: 1. Turn off csrf through the "init" method; 2. Add a hidden field to the form; 3. Add the "_csrf" field to AJAX.
YII How to turn off csrf
The first solution is to turn off Csrf
public function init(){ $this->enableCsrfValidation = false; }
The second solution is to add a hidden field to the form
<input name="_csrf" type="hidden" id="_csrf" value="<?= Yii::$app->request->csrfToken ?>">
The third solution is to add the _csrf field to AJAX
var csrfToken = $('meta[name="csrf-token"]').attr("content"); $.ajax({ type: 'POST', url: url, data: {_csrf:csrfToken}, success: success, dataType: dataType });
Note: If your page does not have a form, There is no problem with ajax post submission. Using ajax post submission will automatically generate _csrf
If the page has a form, especially a file, ajax post is not possible and you must use get.
Recommended: "yii tutorial"
The above is the detailed content of How to remove csrf in yii framework. For more information, please follow other related articles on the PHP Chinese website!