How to handle CSRF validation in Yii2 Framework?

I have a problem with CSRF validation in Yii2. Validation works fine with the default form generated by Gii, but when I edit the form using HTML tags, the form submission throws an erroneous request error. I have CSRF validation disabled to hide the error, but I want to use it to secure my application and validate data.

Is there a way to resolve this error, or is there a way for it to work correctly in this scenario?

+11




1 answer


I think your HTML form does not have the hidden field _csrf that is automatically generated by standard Yii2 widgets.

So the minimal code for your custom form might look like this:



<form method="post">
    <input type="hidden" name="<?= Yii::$app->request->csrfParam; ?>" value="<?= Yii::$app->request->csrfToken; ?>" />
    <button type="submit"> Save </button>
</form>

      

+22
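The fix from the answer above, written out as a full Yii2 view. This is an added example, not part of the original answer: it shows the hand-written form with the token field HTML-encoded, next to the `Html::beginForm()` helper, which emits the same hidden field for POST forms. The view path, the `site/profile` route and the `display_name` field are hypothetical.

```php
<?php
// views/site/profile.php (hypothetical view, added example)
use yii\helpers\Html;
use yii\helpers\Url;

/* @var $this yii\web\View */

$request = Yii::$app->request;
?>

<?php // Variant 1: hand-written markup. The hidden token field must sit inside the <form>. ?>
<form method="post" action="<?= Html::encode(Url::to(['site/profile'])) ?>">
    <input type="hidden"
           name="<?= Html::encode($request->csrfParam) ?>"
           value="<?= Html::encode($request->getCsrfToken()) ?>">
    <input type="text" name="display_name">
    <button type="submit">Save</button>
</form>

<?php // Variant 2: the helper opens the form and, for POST, adds the CSRF hidden input itself. ?>
<?= Html::beginForm(['site/profile'], 'post') ?>
    <?= Html::textInput('display_name') ?>
    <?= Html::submitButton('Save') ?>
<?= Html::endForm() ?>
```

With either variant in place, any `enableCsrfValidation = false` override on the controller or the request component can be removed so the token is checked again on submission.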

