如何在Yii2框架中处理CSRF验证? [英] How to handle CSRF Validation in Yii2 Framework?
问题描述
我在yii2中遇到CSRF验证问题.验证可以使用gii生成的默认表单很好地进行,但是当我使用html标签编辑表单时,表单提交会引发错误的请求错误.我已禁用csrf验证来隐藏错误,但我想将其用于应用程序和数据验证的安全性.
I'm having problem with CSRF Validation in yii2. The validation works fine with the default form generated by the gii but when I edit the form with html tags then the form submission throws a bad request error. I have disabled csrf validation to hide the error but I want to use this for the security of the application and data validation.
有什么办法可以解决此错误,或者有办法将其配置为在这种情况下可以正常工作?
Is there any way of solving this error or is there a way of configuring it to work correctly in this scenario?
推荐答案
我想,您的html表单没有隐藏的_csrf
字段,该字段由标准Yii2小部件自动生成.
I guess, your html form doesn't have hidden _csrf
field, which is automatically generated by standard Yii2 widgets.
因此您的自定义表单的最小代码可能是这样的:
So the minimum code of your custom form might be like this:
<form method="post">
<input type="hidden" name="<?= Yii::$app->request->csrfParam; ?>" value="<?= Yii::$app->request->csrfToken; ?>" />
<button type="submit"> Save </button>
</form>
这篇关于如何在Yii2框架中处理CSRF验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!