[Yii Framework] How to use CSRF in Yii automatic.

What is CSRF, please see the details here. http://en.wikipedia.org/wiki/Cross-site_request_forgery


In Yii, how to start the CSRF authorization? It is very easy to do that.


Just add this to main.php 




And then, do something else to send a request to the server, you have to provide the  YII_CSRF_TOKEN ( the browser will do for us when click a link), otherwise, you will get this message

The CSRF token could not be verified.



 when you post a form, if you do not use CActiveForm or its children, you have to provide a hidden field to store the YII_CSRF_TOKEN.

<input type="hidden" name="YII_CSRF_TOKEN" value="<?php echo Yii::app()->request->csrfToken; ?>" />


If you use CActiveForm or its children, you just use the same code no matter you set enableCsrfValidation to true or false.

<?php $form=$this->beginWidget('CActiveForm'); ?>


Yii will know how to do it!


Have fun with Yii! :) 


posted @ 2011-01-19 15:41 DavidHHuan 阅读(...) 评论(...) 编辑 收藏