web\Request $enableCsrfValidation

$enableCsrfValidation public property

Whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true. When CSRF validation is enabled, forms submitted to a Yii Web application must originate from the same application. If not, a 400 HTTP exception will be raised.

Note that this feature requires the user's client to accept cookies. Also, to use this feature, forms submitted via the POST method must contain a hidden input whose name is specified by $csrfParam. You may use yii\helpers\Html::beginForm() to generate this hidden input.

In JavaScript, you may get the values of $csrfParam and $csrfToken via yii.getCsrfParam() and yii.getCsrfToken(), respectively. The yii\web\YiiAsset asset must be registered. You also need to include CSRF meta tags in your pages by using yii\helpers\Html::csrfMetaTags().
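A request sent from script rather than from a form generated by Html::beginForm() has to carry the same field itself. The helper below is an added example, not code from Yii: `csrfFetchOptions`, its `pageOrigin` argument and the sample values are assumptions, and the `yii` object is passed in as a parameter so the helper can also run outside a browser.

```javascript
// Added example (not part of Yii). `yiiClient` is the global `yii` object that
// yii.js provides once YiiAsset is registered; it is passed in as an argument.
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

function csrfFetchOptions(yiiClient, pageOrigin, url, method, fields) {
  const verb = method.toUpperCase();
  const target = new URL(url, pageOrigin); // resolves relative URLs
  const params = new URLSearchParams(fields);

  if (SAFE_METHODS.includes(verb)) {
    // Assumption of this example: these verbs are read-only, so the fields go
    // in the query string and no token is attached.
    params.forEach((value, key) => target.searchParams.append(key, value));
    return { url: target.href, options: { method: verb, credentials: 'same-origin' } };
  }

  // The token is a secret of this application: never put it in a request
  // that leaves the page's own origin.
  if (target.origin !== new URL(pageOrigin).origin) {
    throw new Error('refusing to send CSRF token to ' + target.origin);
  }

  const name = yiiClient.getCsrfParam();
  const token = yiiClient.getCsrfToken();
  if (!name || !token) {
    // Html::csrfMetaTags() was not rendered, so the server would answer 400.
    throw new Error('CSRF meta tags are missing from the page');
  }
  params.set(name, token); // same field the hidden form input would carry

  return {
    url: target.href,
    options: {
      method: verb,
      credentials: 'same-origin', // validation needs the cookie to be sent
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: params.toString(),
    },
  };
}

// Constructed sample values; in a browser pass `yii` and `location.origin`.
const sampleYii = { getCsrfParam: () => '_csrf', getCsrfToken: () => 'constructed-token' };
const sample = csrfFetchOptions(sampleYii, 'https://app.example', '/post/create', 'post', { title: 'Hi' });
console.log(sample.url, sample.options.body);
```

In a page, the result is used as `fetch(result.url, result.options)`.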

See also:

doc_Yii
2016-10-30 17:15:29