Disable Yii2 CSRF on specific actions

来源：互联网发布：淘宝视频直播怎么弄编辑：程序博客网时间：2024/06/06 17:04

转载地址：https://sammaye.wordpress.com/2014/06/09/disable-yii2-csrf-on-specific-actions/

June 9, 2014

Disable Yii2 CSRF on specific actions

I needed to disable the Yii2 CSRF on specific actions recently, mainly due to the action being called from an external source.

What I did was extend the Request object like so:

<?php namespace common\components; use Yii; class Request extends \yii\web\Request{    public $noCsrfRoutes = [];         public function validateCsrfToken()    {        if(            $this->enableCsrfValidation &&            in_array(Yii::$app->getUrlManager()->parseRequest($this)[0], $this->noCsrfRoutes)        ){            return true;        }        return parent::validateCsrfToken();    }

and then added the request component to my config like so:

'request' => [    'class' => 'common\components\Request',    'noCsrfRoutes' => [        'order/calculate-ns-shipping'    ]],

And that works.

0 0