From b0351ba4851b2b415b119cb1b774d1088c04a23d Mon Sep 17 00:00:00 2001 From: Mark Date: Sun, 29 Dec 2013 21:53:42 +0400 Subject: [PATCH] docs improved --- docs/guide/controller.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/docs/guide/controller.md b/docs/guide/controller.md index 518b236..682d1f7 100644 --- a/docs/guide/controller.md +++ b/docs/guide/controller.md @@ -39,7 +39,7 @@ The output of an action is what the method returns. The return value will be han component which can convert the output to differnet formats such as JSON for example. The default behavior is to output the value unchanged though. -You also can disable CSRF validation per controller, by setting its property: +You also can disable CSRF validation per controller and/or action, by setting its property: ```php namespace app\controllers; @@ -59,6 +59,24 @@ class SiteController extends Controller } ``` +To disable CSRF validation per custom actions you can do: + +```php +namespace app\controllers; + +use yii\web\Controller; + +class SiteController extends Controller +{ + public function beforeAction($action) + { + // ...set `$this->enableCsrfValidation` here based on some conditions... + // call parent method that will check CSRF if such property is true. + return parent::beforeAction($action); + } +} +``` + Routes ------