How does CSRF work in yii2?
Most interested in how the token is verified
And look into the source code and see for yourself - how everything is done there? There is nothing complicated there.
Hello! In Yii2 it is not necessary to check the token; it will check it itself.
if (!$this->enableCsrfValidation || in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
    return true;
}
I have a problem that the token that the form passes is not the same as in the meta tag, and a 400 error occurs
"Shit" works. The doc doesn't say anything about it. In principle, there is not much written about it.
I can't tell you how it works, but I can show you how it works.
<?php
/** @var $this yii\web\View */
$this->registerMetaTag(['name' => 'csrf-param', 'content' => Yii::$app->request->csrfParam]);
$this->registerMetaTag(['name' => 'csrf-token', 'content' => Yii::$app->request->getCsrfToken()]);
?>
<form action="#" method="post">
<!-- inputs -->
<input type="hidden" name="<?= Yii::$app->request->csrfParam ?>" value="<?= Yii::$app->request->getCsrfToken() ?>"/>
<!-- submit -->
</form>
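A model of the masked-token check that Yii2 applies to non-safe requests, as an added example that is not part of the answers above and is not Yii2's source code. The function names are hypothetical and the sample token is constructed; it assumes the true token is kept server-side and every rendered copy is XOR-masked with a fresh random pad.

```php
<?php
// Added illustration, not Yii2 source. All function names are hypothetical.

function b64url_encode(string $raw): string {
    return strtr(base64_encode($raw), '+/', '-_');
}

function b64url_decode(string $text): string {
    $raw = base64_decode(strtr($text, '-_', '+/'), true);
    return $raw === false ? '' : $raw;
}

// Mask: a random pad of the token's length, then pad . (pad XOR token).
function mask_token(string $token): string {
    $mask = random_bytes(strlen($token));
    return b64url_encode($mask . ($mask ^ $token));
}

// Unmask: split in half and XOR the halves; malformed input yields ''.
function unmask_token(string $masked): string {
    $decoded = b64url_decode($masked);
    $len = strlen($decoded);
    if ($len === 0 || $len % 2 !== 0) {
        return '';
    }
    $half = intdiv($len, 2);
    return substr($decoded, 0, $half) ^ substr($decoded, $half);
}

// Verify: safe methods skip the check, as in the snippet quoted above;
// everything else is unmasked and compared in constant time.
function validate_csrf(string $method, $submitted, string $trueToken): bool {
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    if (!is_string($submitted) || $trueToken === '') {
        return false;
    }
    $candidate = unmask_token($submitted);
    return $candidate !== '' && hash_equals($trueToken, $candidate);
}

// Constructed sample: one server-side token, two independently masked copies.
$trueToken = random_bytes(32);
$meta = mask_token($trueToken);  // copy for the meta tag
$form = mask_token($trueToken);  // copy for the hidden input
var_dump($meta === $form);       // are the two masked strings identical?
var_dump(validate_csrf('POST', $meta, $trueToken), validate_csrf('POST', $form, $trueToken));
var_dump(validate_csrf('POST', 'tampered', $trueToken), validate_csrf('GET', null, $trueToken));
```

In this model the comparison is made on the unmasked value, so two masked copies do not have to match each other as strings to be accepted.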