How to use CSRF in Yii automatically, and "The CSRF token could not be verified"
Source: Internet  Editor: 程序博客网  Time: 2024/05/29 16:54
For an explanation of what CSRF is, see http://en.wikipedia.org/wiki/Cross-site_request_forgery

How do you turn on CSRF validation in Yii? It is very easy.
Just add this to main.php:

    'components'=>array(
        'request'=>array(
            'enableCsrfValidation'=>true,
        ),
    ),

After that, whenever you send a request to the server you have to provide the YII_CSRF_TOKEN (the browser will do this for us when we click a link); otherwise, you will get this message:

    The CSRF token could not be verified.

When you post a form and you do not use CActiveForm or its children, you have to provide a hidden field to store the YII_CSRF_TOKEN:

    <input type="hidden" name="YII_CSRF_TOKEN" value="<?php echo Yii::app()->request->csrfToken; ?>" />

If you use CActiveForm or its children, you use the same code whether you set enableCsrfValidation to true or false:

    <?php $form=$this->beginWidget('CActiveForm'); ?>

Yii will know how to do it!
Have fun with Yii! :)
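The content above is reposted from: http://www.cnblogs.com/davidhhuan/archive/2011/01/19/1939253.html

Today I turned on enableCsrfValidation in a project.
As a result, after selecting a first-level category, the second-level category content could no longer be loaded. Capturing the traffic showed: the CSRF token could not be verified. Solution: include YII_CSRF_TOKEN in the submitted data.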

    <tr>
        <td width="10%"><?php echo $form->labelEx($model, 'sid')?></td>
        <td width="90%">
            <div class="mm_div_left">
                <?php
                echo CHtml::activeDropDownList($model, 'fid', Costcategory::getCategory(), array(
                    'empty'=>'请选择',
                    'ajax'=>array(
                        'type'=>'POST',
                        'url'=>CController::createUrl('cost/dynamiccities'),
                        'update'=>'#Cost_sid',
                        // Send the CSRF token along with the AJAX POST data
                        'data'=>array('fid'=>'js:this.value','YII_CSRF_TOKEN'=>Yii::app()->request->csrfToken),
                    ),
                ));
                echo CHtml::activeDropDownList($model, 'sid', Costcategory::getCategory($model->fid), array(
                    'empty'=>'请选择',
                ));
                ?>
            </div>
            <div class="mm_div_right"><?php echo $form->error($model, 'sid');?></div>
        </td>
    </tr>
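
The failure and the fix described above, modelled as an added example (not code from the original post or from Yii): a simplified double-submit check in which the token in the POST body must equal the token held in a cookie. Only `YII_CSRF_TOKEN`, the `fid` field and the error text come from the page; the cookie layout, the function names and the sample token are assumptions constructed for the sketch.

```javascript
// Added sketch, not Yii's code: a double-submit style check (assumption).
const TOKEN_NAME = 'YII_CSRF_TOKEN';
const ERROR = 'The CSRF token could not be verified.';

// Pull one cookie value out of a Cookie request header.
function cookieValue(header, name) {
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0 && part.slice(0, i).trim() === name) {
      return decodeURIComponent(part.slice(i + 1).trim());
    }
  }
  return null;
}

// Server side (POST only): the body field and the cookie must both be
// present and identical, otherwise the request is rejected.
function checkPost(req) {
  const sent = new URLSearchParams(req.body).get(TOKEN_NAME);
  const stored = cookieValue(req.headers.cookie, TOKEN_NAME);
  if (!sent || !stored || sent !== stored) return { ok: false, error: ERROR };
  return { ok: true };
}

// Client side: the form-encoded body of the dropdown's AJAX POST,
// with the token added only when the page supplied one.
function buildAjaxBody(fid, token) {
  const params = new URLSearchParams({ fid: String(fid) });
  if (token) params.set(TOKEN_NAME, token);
  return params.toString();
}

// Constructed sample data: the browser attaches the cookie by itself,
// but the body field has to be put there by the page.
const sampleToken = 'c0nstructed-sample-token';
const headers = { cookie: `PHPSESSID=constructed; ${TOKEN_NAME}=${sampleToken}` };

function demo() {
  return {
    withoutToken: checkPost({ headers, body: buildAjaxBody(3) }),
    withToken: checkPost({ headers, body: buildAjaxBody(3, sampleToken) }),
    wrongToken: checkPost({ headers, body: buildAjaxBody(3, 'not-the-token') }),
  };
}

console.log(demo());
```

The `withoutToken` case corresponds to the dropdown request before the fix: the cookie is present, but the body carries only `fid`, so the check fails with the message seen in the captured traffic.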