发表新帖
发表新帖

Disable CSRF validation for individual actions in Yii2

前端 未结
关注
4 1621
北恋
北恋 2020-11-27 16:52

Is there a way to disable CSRF validation for some actions of the controller keeping it enabled for the other ones?

In my case I have several configurable Action cla

4条回答
  • 自闭症患者
    自闭症患者 (楼主)
    2020-11-27 16:59

    For the specific controller / actions you can disable CSRF validation like so:

    use Yii;

...

Yii::$app->controller->enableCsrfValidation = false;

    Or inside a controller:

    $this->enableCsrfValidation = false;

    Take a look at $enableCsrfValidation property of yii\web\Controller.

    Update:

    Here is some specification.

    If you want to disable CSRF validation for individual action(s) you need to do it in beforeAction event handler because CSRF token is checked before action runs (in beforeAction of yii\web\Controller).

    /**
 * @inheritdoc
 */
public function beforeAction($action)
{            
    if ($action->id == 'my-method') {
        $this->enableCsrfValidation = false;
    }

    return parent::beforeAction($action);
}

    Official docs:

    • beforeAction()

    0 讨论(0)
 看不清?
提交回复
热议问题