Yii 2.0 CSRF validation for AJAX request

2018-06-08 15:41:03

I have an ajax function that triggers an entry deletion from my database.

I need to do CSRF validation for the same. How can I do that?

I am sending the CSRF cookie along with my post request, but Yii 2.0 is not validating it and any input that is passed through ajax is reaching the server.

How do I do CSRF validation for ajax requests.

Whether we need to manually set cookie and check?

You don't need to manually set cookie.

If you are using jQuery CSRF token will be sent automatically.

For example for AngularJS you can add it manually to request params like that:

yii.getCsrfParam(): yii.getCsrfToken()

Make sure you have YiiAsset included.

Otherwise you can retrieve them from meta tags (that's basically what these two methods do):

$('meta[name=csrf-param]').prop('content'): $('meta[name=csrf-token]').prop('content')

Also note that for enabling CSRF validation both Controller 's and Request 's property enableCsrfValidation property must be set to true .

Update:

Another important thing to understand:

CSRF token will be validated only on this methods: GET , HEAD , OPTIONS .

Also make sure you have <?= Html::csrfMetaTags ?> in main layout.

最后我确定了包括

    <?= Html::csrfMetaTags() ?>

链接地址: http://www.djcxy.com/p/26142.html

上一篇: 接收钩子进行网站分段

下一篇: Yii 2.0针对AJAX请求的CSRF验证