Yii 2.0 CSRF validation for AJAX request
I have an ajax
function that triggers an entry deletion from my database.
I need to do CSRF
validation for the same. How can I do that?
I am sending the CSRF cookie
along with my post request, but Yii 2.0
is not validating it and any input that is passed through ajax is reaching the server.
How do I do CSRF
validation for ajax requests.
Whether we need to manually set cookie and check?
You don't need to manually set cookie.
If you are using jQuery CSRF token will be sent automatically.
For example for AngularJS you can add it manually to request params like that:
yii.getCsrfParam(): yii.getCsrfToken()
Make sure you have YiiAsset
included.
Otherwise you can retrieve them from meta tags (that's basically what these two methods do):
$('meta[name=csrf-param]').prop('content'): $('meta[name=csrf-token]').prop('content')
Also note that for enabling CSRF validation both Controller
's and Request
's property enableCsrfValidation
property must be set to true
.
Update:
Another important thing to understand:
CSRF token will be validated only on this methods: GET
, HEAD
, OPTIONS
.
Also make sure you have <?= Html::csrfMetaTags ?>
in main layout.
最后我确定了包括
<?= Html::csrfMetaTags() ?>
链接地址: http://www.djcxy.com/p/26142.html
上一篇: 接收钩子进行网站分段