Login Register

web\Request $enableCsrfValidation

$enableCsrfValidation public property

Whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true. When CSRF validation is enabled, forms submitted to an Yii Web application must be originated from the same application. If not, a 400 HTTP exception will be raised.

Note, this feature requires that the user client accepts cookie. Also, to use this feature, forms submitted via POST method must contain a hidden input whose name is specified by $csrfParam. You may use yii\helpers\Html::beginForm() to generate his hidden input.

In JavaScript, you may get the values of $csrfParam and $csrfToken via yii.getCsrfParam() and yii.getCsrfToken(), respectively. The yii\web\YiiAsset asset must be registered. You also need to include CSRF meta tags in your pages by using yii\helpers\Html::csrfMetaTags().

See also:

public boolean $enableCsrfValidation = true

Links:

http://www.yiiframework.com/doc-2.0/yii-web-request.html#$enableCsrfValidation-detail

doc_Yii

2016-10-30 17:15:29

Comments

Leave a Comment

Please login to continue.

Popular Articles

web\Request $headers $headers public read-only property The header collection public yii\web\HeaderCollection getHeaders ( )

web\Request loadCsrfToken() loadCsrfToken() protected method Loads the CSRF token from cookie or session. protected string loadCsrfToken ( )return string The CSRF token l

web\Request getAuthUser() getAuthUser() public method public string|null getAuthUser ( )return string|null The username sent via HTTP authentication, null if the userna

web\Request getScriptUrl() getScriptUrl() public method Returns the relative URL of the entry script. The implementation of this method referenced Zend_Controller_Request_H

web\Request getReferrer() getReferrer() public method Returns the URL referrer. public string|null getReferrer ( )return string|null URL referrer, null if not availab