How to handle CSRF Validation in Yii2 Framework?

php csrf yii2
msucil picture msucil · Feb 12, 2015 · Viewed 25.9k times · Source

I'm having problem with CSRF Validation in yii2. The validation works fine with the default form generated by the gii but when I edit the form with html tags then the form submission throws a bad request error. I have disabled csrf validation to hide the error but I want to use this for the security of the application and data validation.

Is there any way of solving this error or is there a way of configuring it to work correctly in this scenario?

Answer

Pavel Bariev picture Pavel Bariev · Feb 12, 2015

I guess, your html form doesn't have hidden _csrf field, which is automatically generated by standard Yii2 widgets.

So the minimum code of your custom form might be like this:

<form method="post">
    <input type="hidden" name="<?= Yii::$app->request->csrfParam; ?>" value="<?= Yii::$app->request->csrfToken; ?>" />
    <button type="submit"> Save </button>
</form>

Related questions

Post request in Laravel - Error - 419 Sorry, your session/ 419 your page has expired

I installed Laravel 5.7 Added a form to the file \resources\views\welcome.blade.php <form method="POST" action="/foo" > @csrf <input type="text" name="name"/><br/> <input type="submit" value="Add"/> </…

Read More
"The page has expired due to inactivity" - Laravel 5.5

My register page is showing the form properly with CsrfToken ({{ csrf_field() }}) present in the form). Form HTML <form class="form-horizontal registration-form" novalidate method="POST" action="{{ route('register') }}"> {{ csrf_field() }} .... </form> I am using inbuilt authentication …

Read More
How to properly add cross-site request forgery (CSRF) token using PHP

I am trying to add some security to the forms on my website. One of the forms uses AJAX and the other is a straightforward "contact us" form. I'm trying to add a CSRF token. The problem I'm having is …

Read More