[SOLVED] CSRF and default delete link

adinugro · May 17, 2011, 1:19pm

Dear All,

I am activating CSRF in main.php




...

'request' => array(

            'enableCsrfValidation' => true,

            'enableCookieValidation' => true,

        ),

...

However, my delete link generated by gii,




....

array('label' => 'Delete', 'url' => '#', 'linkOptions' => array('submit' => array('delete', 'id' => $model->id), 'confirm' => 'Are you sure you want to delete ' . $model->name . '?')),

...

cannot work. The error message is "Error 400: The CSRF token could not be verified."

Can someone help with this?

Cheers,

Daniel

softark · May 17, 2011, 9:55pm

Add ‘csrf’ => true to the ‘linkOptions’.




....

array('label' => 'Delete',

    'url' => '#',

    'linkOptions' => array(

        'submit' => array('delete', 'id' => $model->id),

        'confirm' => 'Are you sure you want to delete ' . $model->name . '?'),

        'csrf' => true,

    ),

),

...

In general, you can set additional attributes(e.g. ‘class’, ‘title’ and ‘style’) to a HTML entity with “htmlOptions” parameter in CHtml helper functions. For a CMenu item, those htmlOptions parameters should be specified in terms of item’s “linkOptions” property.

And you can set some special kinds of attribute in this "htmlOptions" parameter. "submit", "confirm" and "csrf" are among them.

CHtml::clientChange