How to use CSRF in Yii automatic.与csrf token 无法被验证

What is CSRF, please see the details here. http://en.wikipedia.org/wiki/Cross-site_request_forgery

In Yii, how to start the CSRF authorization? It is very easy to do that.

Just add this to main.php

'components'=>array(    'request'=>array(    'enableCsrfValidation'=>true,    ),),

And then, do something else to send a request to the server, you have to provide the  YII_CSRF_TOKEN ( the browser will do for us when click a link), otherwise, you will get this message

The CSRF token could not be verified.

when you post a form, if you do not use CActiveForm or its children, you have to provide a hidden field to store the YII_CSRF_TOKEN.

<input type="hidden" name="YII_CSRF_TOKEN" value="<?php echo Yii::app()->request->csrfToken; ?>" />

If you use CActiveForm or its children, you just use the same code no matter you set enableCsrfValidation to true or false.

<?php $form=$this->beginWidget('CActiveForm'); ?>

Yii will know how to do it!

Have fun with Yii! :)

以上内容转载自：http://www.cnblogs.com/davidhhuan/archive/2011/01/19/1939253.html

今天在项目中开启了enableCsrfValidation

结果发现选择一级分类后，无法提取二级分类的内容。通过抓包，得到：csrf token 无法被验证。解决办法：要在提交数据中附上YII_CSRF_TOKEN

<tr><td width="10%"><?php echo $form->labelEx($model, 'sid')?></td><td width="90%"><div class="mm_div_left"><?php echo CHtml::activeDropDownList($model,    'fid',    Costcategory::getCategory(),    array(        'empty'=>'请选择',        'ajax'=>array(            'type'=>'POST',            'url'=>CController::createUrl('cost/dynamiccities'),            'update'=>'#Cost_sid',            'data'=>array('fid'=>'js:this.value','YII_CSRF_TOKEN'=>Yii::app()->request->csrfToken),        )    ));   echo CHtml::activeDropDownList($model, 'sid',            Costcategory::getCategory($model->fid),                array(                    'empty'=>'请选择',                )            ); ?>    </div>    <div class="mm_div_right"><?php echo $form->error($model, 'sid');?></div></td></tr>