Sunday, January 2, 2022

[FIXED] Yii CSRF disable for action

      , ,      No comments   

Issue

I send same form data from different contollers and subdomain. But in one case I need disable CSRF validation.

Example:

Login form:

  • Location 1: main page example.com

  • Location 2: account.example.com/login

  • Location 3: gate.example.com

And I need disable validation just in case when I send data from location 1 to location 2.

I Used $form = $this->beginWidget('CActiveForm',...

How can I do that?

I supose that csrf cookie is not crossdomain!


Solution

As a name suggest it is Cross-Site-Request-Forgery, so no it is not crossdomain and must not be:)

CSRF is enabled in request component, so just get request component and reconfigure it:

Yii::app()->request->enableCsrfValidation = false;

Im not quite sure where to put it, probably in the beginning of action.



Answered By - user133408

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...