如何在Yii2框架中处理CSRF验证? [英] How to handle CSRF Validation in Yii2 Framework?

问题描述

我在yii2中遇到CSRF验证问题.验证可以使用gii生成的默认表单很好地进行，但是当我使用html标签编辑表单时，表单提交会引发错误的请求错误.我已禁用csrf验证来隐藏错误，但我想将其用于应用程序和数据验证的安全性.

I'm having problem with CSRF Validation in yii2. The validation works fine with the default form generated by the gii but when I edit the form with html tags then the form submission throws a bad request error. I have disabled csrf validation to hide the error but I want to use this for the security of the application and data validation.

有什么办法可以解决此错误，或者有办法将其配置为在这种情况下可以正常工作?

Is there any way of solving this error or is there a way of configuring it to work correctly in this scenario?

推荐答案

我想，您的html表单没有隐藏的_csrf字段，该字段由标准Yii2小部件自动生成.

I guess, your html form doesn't have hidden _csrf field, which is automatically generated by standard Yii2 widgets.

因此您的自定义表单的最小代码可能是这样的:

So the minimum code of your custom form might be like this:

<form method="post">
    <input type="hidden" name="<?= Yii::$app->request->csrfParam; ?>" value="<?= Yii::$app->request->csrfToken; ?>" />
    <button type="submit"> Save </button>
</form>

这篇关于如何在Yii2框架中处理CSRF验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！