Browse Source

Fixes #897.

tags/2.0.0-beta
Qiang Xue 11 years ago
parent
commit
93d5f5a3ec
  1. 2
      framework/yii/base/ErrorHandler.php
  2. 3
      framework/yii/web/Request.php

2
framework/yii/base/ErrorHandler.php

@ -93,6 +93,8 @@ class ErrorHandler extends Component
$response->getHeaders()->removeAll(); $response->getHeaders()->removeAll();
if ($useErrorView && $this->errorAction !== null) { if ($useErrorView && $this->errorAction !== null) {
// disable CSRF validation so that errorAction can run in case the error is caused by CSRF validation failure
Yii::$app->getRequest()->enableCsrfValidation = false;
$result = Yii::$app->runAction($this->errorAction); $result = Yii::$app->runAction($this->errorAction);
if ($result instanceof Response) { if ($result instanceof Response) {
$response = $result; $response = $result;

3
framework/yii/web/Request.php

@ -1001,7 +1001,8 @@ class Request extends \yii\base\Request
*/ */
public function getCsrfTokenFromHeader() public function getCsrfTokenFromHeader()
{ {
return isset($_SERVER[self::CSRF_HEADER]) ? $_SERVER[self::CSRF_HEADER] : null; $key = 'HTTP_' . str_replace('-', '_', strtoupper(self::CSRF_HEADER));
return isset($_SERVER[$key]) ? $_SERVER[$key] : null;
} }
/** /**

Loading…
Cancel
Save