Yii2框架如何处理CSRF验证?
我在 yii2 中遇到 CSRF 验证问题.验证与 gii 生成的默认表单一起工作正常,但是当我使用 html 标签编辑表单时,表单提交会引发错误的请求错误.我已禁用 csrf 验证以隐藏错误,但我想将其用于应用程序和数据验证的安全性.
I'm having problem with CSRF Validation in yii2. The validation works fine with the default form generated by the gii but when I edit the form with html tags then the form submission throws a bad request error. I have disabled csrf validation to hide the error but I want to use this for the security of the application and data validation.
有没有办法解决这个错误,或者有没有办法配置它在这种情况下正常工作?
Is there any way of solving this error or is there a way of configuring it to work correctly in this scenario?
推荐答案
我猜,你的 html 表单没有隐藏的 _csrf
字段,它是由标准 Yii2 小部件自动生成的.
I guess, your html form doesn't have hidden _csrf
field, which is automatically generated by standard Yii2 widgets.
所以你的自定义表单的最小代码可能是这样的:
So the minimum code of your custom form might be like this:
<form method="post">
<input type="hidden" name="<?= Yii::$app->request->csrfParam; ?>" value="<?= Yii::$app->request->csrfToken; ?>" />
<button type="submit"> Save </button>
</form>
相关文章