|
|
@ -39,7 +39,7 @@ The output of an action is what the method returns. The return value will be han |
|
|
|
component which can convert the output to differnet formats such as JSON for example. The default behavior |
|
|
|
component which can convert the output to differnet formats such as JSON for example. The default behavior |
|
|
|
is to output the value unchanged though. |
|
|
|
is to output the value unchanged though. |
|
|
|
|
|
|
|
|
|
|
|
You also can disable CSRF validation per controller, by setting its property: |
|
|
|
You also can disable CSRF validation per controller and/or action, by setting its property: |
|
|
|
|
|
|
|
|
|
|
|
```php |
|
|
|
```php |
|
|
|
namespace app\controllers; |
|
|
|
namespace app\controllers; |
|
|
@ -59,6 +59,24 @@ class SiteController extends Controller |
|
|
|
} |
|
|
|
} |
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
To disable CSRF validation per custom actions you can do: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```php |
|
|
|
|
|
|
|
namespace app\controllers; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
use yii\web\Controller; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SiteController extends Controller |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
public function beforeAction($action) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
// ...set `$this->enableCsrfValidation` here based on some conditions... |
|
|
|
|
|
|
|
// call parent method that will check CSRF if such property is true. |
|
|
|
|
|
|
|
return parent::beforeAction($action); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
Routes |
|
|
|
Routes |
|
|
|
------ |
|
|
|
------ |
|
|
|
|
|
|
|
|
|
|
|