Varun Jain

Reputation: 1911

Cross-site request forgery Yii, PHP

I am trying to implement CSRF validation in Yii. I have written my own class and everything works fine except the fact that my POST variable (for the form) does not contain the token. Am I supposed to set the token myself in the POST variable? Yii documentation states that the POST variable is set by a hidden field in every form. Does it require further implementation in the forms as well? I know the token is not there as I saw the POST variables by dumping them.

Upvotes: 0

Views: 1905

Answers (2)

acorncom

Reputation: 5955

In addition to enabling CSRF validation, you need to put the Yii CSRF token in your form. One of the easiest ways I've run into to put it in is to use CHtml beginForm, which puts it in as part of producing your form tag. More info here: http://www.yiiframework.com/doc/api/1.1/CHtml#beginForm-detail

Upvotes: 0

rinat.io

Reputation: 3188

I guess all you need is to enable CSRF validation in your config and use CHtml for forms (Yii Guide). Here is what you need in config:

'components'=>array(
    'request'=>array(
        'enableCsrfValidation'=>true,
    ),
),

Upvotes: 1
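
Both answers point at the same fix: the token only reaches POST if the form carries it. The view below is an added example, not code from either answer or from the Yii project; it assumes a Yii 1.1 view file with `enableCsrfValidation` turned on as in the config above, and the route `site/contact` and field name `message` are hypothetical.

```php
<?php
// Added example: a Yii 1.1 view file (for instance protected/views/site/contact.php).
// Assumes 'enableCsrfValidation' => true on the 'request' component.
// The route 'site/contact' and the field name 'message' are hypothetical.
?>

<!-- Option 1: CHtml::beginForm() writes the <form> tag and, for POST forms
     with CSRF validation enabled, a hidden input carrying the token.
     GET forms get no token field. -->
<?php echo CHtml::beginForm(array('site/contact'), 'post'); ?>
    <?php echo CHtml::textField('message'); ?>
    <?php echo CHtml::submitButton('Send'); ?>
<?php echo CHtml::endForm(); ?>

<!-- Option 2: a hand-written <form> tag gets no token automatically,
     so the hidden field has to be added explicitly. -->
<form action="<?php echo CHtml::encode($this->createUrl('site/contact')); ?>" method="post">
    <?php
    // csrfTokenName defaults to YII_CSRF_TOKEN; reading it from the request
    // component keeps the field name in sync if it is changed in the config.
    echo CHtml::hiddenField(
        Yii::app()->request->csrfTokenName,
        Yii::app()->request->csrfToken
    );
    ?>
    <input type="text" name="message">
    <input type="submit" value="Send">
</form>
```

With either form, dumping `$_POST` in the receiving action shows an entry under the configured token name, which is what the request component compares against the CSRF cookie.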
