[Yii Framework] How to use automatic CSRF validation in Yii

For an explanation of what CSRF is, see http://en.wikipedia.org/wiki/Cross-site_request_forgery

 

How do you turn on CSRF validation in Yii? It is very easy to do.

 

Just add this to main.php:

'components'=>array(
    'request'=>array(
        'enableCsrfValidation'=>true,
    ),
),

 

 

After that, whenever you send a request to the server you have to provide the YII_CSRF_TOKEN (the browser will do this for us when we click a link); otherwise, you will get this message:

The CSRF token could not be verified.

 

 

When you post a form without using CActiveForm or one of its child classes, you have to provide a hidden field that carries the YII_CSRF_TOKEN.

<input type="hidden" name="YII_CSRF_TOKEN" value="<?php echo Yii::app()->request->csrfToken; ?>" />

 

If you use CActiveForm or one of its child classes, you use the same code whether enableCsrfValidation is set to true or false.

<?php $form=$this->beginWidget('CActiveForm'); ?>

 

Yii will know how to do it!
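Why the hidden field matters, as an added example that is not from the original post or from Yii's source: a standalone PHP model of the check, in which a POST is accepted only when its YII_CSRF_TOKEN field matches the token the browser holds in a cookie of the same name. The function names, the sample requests and the use of hash_equals() are assumptions of this example.

```php
<?php
// Added illustration: a simplified, standalone model of the check behind
// enableCsrfValidation. Not Yii's own code; all names below are hypothetical.

const CSRF_TOKEN_NAME = 'YII_CSRF_TOKEN'; // field and cookie name used on this page

// Issue an unpredictable token. The server sends it to the browser in a
// cookie and also writes it into every form it renders.
function issueCsrfToken(): string
{
    return bin2hex(random_bytes(20));
}

// Accept a POST only when the submitted field equals the cookie value.
function csrfTokenIsValid(array $cookies, array $post): bool
{
    $cookieToken = $cookies[CSRF_TOKEN_NAME] ?? '';
    $postedToken = $post[CSRF_TOKEN_NAME] ?? '';

    // Reject missing values and non-string input such as YII_CSRF_TOKEN[]=x.
    if (!is_string($cookieToken) || !is_string($postedToken) || $cookieToken === '') {
        return false;
    }
    // Constant-time comparison (a choice made for this example).
    return hash_equals($cookieToken, $postedToken);
}

$token   = issueCsrfToken();
$cookies = array(CSRF_TOKEN_NAME => $token); // the browser attaches this by itself

// Constructed sample POST bodies.
$requests = array(
    'form with hidden field'     => array(CSRF_TOKEN_NAME => $token, 'title' => 'hello'),
    'form without hidden field'  => array('title' => 'hello'),
    'POST with a guessed token'  => array(CSRF_TOKEN_NAME => issueCsrfToken(), 'title' => 'x'),
    'array-valued token field'   => array(CSRF_TOKEN_NAME => array('x'), 'title' => 'x'),
);

foreach ($requests as $label => $post) {
    $verdict = csrfTokenIsValid($cookies, $post)
        ? 'accepted'
        : '400 The CSRF token could not be verified.';
    printf("%-27s => %s\n", $label, $verdict);
}
```

The cookie alone is never enough, because the browser attaches it to every request; only a page that could read the token, such as your own rendered form, can echo it back in the POST body.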

 

Have fun with Yii! :) 

 

posted @ 2011-01-19 15:41 DavidHHuan