How to handle CSRF validation in Yii2 Framework?
I have a problem with CSRF Validation in yii2. Validation works fine with the default form generated by gii, but when I edit the form using html tags then the form submission throws an erroneous request error. I have csrf validation disabled to hide the error, but I want to use it to secure my application and validate data.
Is there a way to resolve this error, or is there a way for it to work correctly in this scenario?
+11
source to share
1 answer
I think your html form does not have a hidden field _csrf
that is automatically generated by standard Yii2 widgets.
So the minimal code for your custom form might look like this:
<form method="post">
<input type="hidden" name="<?= Yii::$app->request->csrfParam; ?>" value="<?= Yii::$app->request->csrfToken; ?>" />
<button type="submit"> Save </button>
</form>
+22
source to share