[Devypt]

Hi All,

I want to ask how i enable csrf in certain forms only not paths?

[Keith]

Why do you want to disable it for any forms? Can you explain your scenario?

[Devypt]

 Keith, on 19 February 2013 - 03:59 PM, said:

Why do you want to disable it for any forms? Can you explain your scenario?

I have a website which i have convert it from codeigniter to yii, and now want to enable csrf but the problem that i have to do this step by step because forms i add csrf as urgent some else are not urgent.

[Keith]

Adding CSRF protection is simply a matter of opening each form with CHtml::beginForm() and closing it with CHtml::endForm(). The second isn't actually required but is probably good for consistency. How many forms do you have?

There's no built in way to activate CSRF for specific forms as far as I'm aware.

[outrage]

I can see why you might want to disable CSRF on some controllers.
I had the same problem when interfacing with Worldpay on one project. I got a posted callback to verify the transaction, but with global CSRF, obviously this failed with no token.

There is a thread here that seems to have a solution, although I haven't tried it myself.

http://www.yiiframew...-certain-paths/

[Devypt]

 outrage, on 21 February 2013 - 08:05 PM, said:

I can see why you might want to disable CSRF on some controllers.
I had the same problem when interfacing with Worldpay on one project. I got a posted callback to verify the transaction, but with global CSRF, obviously this failed with no token.

There is a thread here that seems to have a solution, although I haven't tried it myself.

http://www.yiiframew...-certain-paths/

Thanks, solved.