Author: 毕老爷666 | Source: Internet | 2023-08-25 11:25
For what CSRF is, see the details here: http://en.wikipedia.org/wiki/Cross-site_request_forgery
How do you enable CSRF validation in Yii? It is very easy to do.
Just add this to main.php:
```php
'components' => array(
    'request' => array(
        'enableCsrfValidation' => true,
    ),
),
```
After that, whenever you send a request to the server you have to provide the YII_CSRF_TOKEN (the browser does this for us when we click a link); otherwise, you will get this message:
The CSRF token could not be verified.
When you post a form and do not use CActiveForm or one of its child classes, you have to provide a hidden field that carries the YII_CSRF_TOKEN:
```php
<input type="hidden" name="YII_CSRF_TOKEN" value="<?php echo Yii::app()->request->csrfToken; ?>" />
```
If you use CActiveForm or one of its child classes, you use the same code whether enableCsrfValidation is set to true or false:
```php
<?php $form = $this->beginWidget('CActiveForm'); ?>
```
Yii will know how to do it!
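To show why a form without the hidden field is rejected, here is a framework-free sketch of a double-submit check: the token lives in a cookie and must come back in the posted field. This is an added example, not Yii's source or the author's code; the function names and the sample requests are hypothetical, and it assumes the cookie and the field share the name YII_CSRF_TOKEN.

```php
<?php
// Added illustration, not Yii source. Function names are hypothetical.
const CSRF_TOKEN_NAME = 'YII_CSRF_TOKEN'; // field name used on this page

// Issue a token: reuse the cookie value if present, otherwise create a random one.
function issueCsrfToken(array &$cookies): string
{
    if (empty($cookies[CSRF_TOKEN_NAME])) {
        $cookies[CSRF_TOKEN_NAME] = bin2hex(random_bytes(20));
    }
    return $cookies[CSRF_TOKEN_NAME];
}

// A POST must echo the cookie value in its body; other methods are not checked here.
function validateCsrfToken(string $method, array $cookies, array $post): bool
{
    if ($method !== 'POST') {
        return true; // unchecked, so such requests must never change state
    }
    $cookie = $cookies[CSRF_TOKEN_NAME] ?? '';
    $field  = $post[CSRF_TOKEN_NAME] ?? '';
    if (!is_string($cookie) || !is_string($field) || $cookie === '') {
        return false; // missing token, or an array smuggled in as the field
    }
    return hash_equals($cookie, $field); // constant-time comparison
}

// Constructed sample requests (not captured traffic).
$cookies = [];
$token = issueCsrfToken($cookies);

$cases = [
    'form with hidden field'  => ['POST', $cookies, [CSRF_TOKEN_NAME => $token]],
    'form without the field'  => ['POST', $cookies, ['comment' => 'hi']],
    'guessed token value'     => ['POST', $cookies, [CSRF_TOKEN_NAME => str_repeat('0', 40)]],
    'array instead of string' => ['POST', $cookies, [CSRF_TOKEN_NAME => ['x']]],
    'plain GET link'          => ['GET',  $cookies, []],
];
foreach ($cases as $label => [$method, $c, $post]) {
    $ok = validateCsrfToken($method, $c, $post);
    echo str_pad($label, 26), $ok ? "accepted\n" : "rejected: The CSRF token could not be verified.\n";
}
```

Only the first POST and the GET are accepted; the GET passes because it is never checked, which is why state-changing actions should not be reachable through links.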
Have fun with Yii! :)