Yii Framework Forum: How To Enable Csrf In Certain Forms Only - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

How To Enable Csrf In Certain Forms Only Rate Topic: -----

#1 User is offline   Devypt 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 10
  • Joined: 01-May 11

Posted 19 February 2013 - 12:09 PM

Hi All,

I want to ask how i enable csrf in certain forms only not paths?
0

#2 User is offline   Keith 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 1,451
  • Joined: 04-March 10
  • Location:UK

Posted 19 February 2013 - 03:59 PM

Why do you want to disable it for any forms? Can you explain your scenario?
0

#3 User is offline   Devypt 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 10
  • Joined: 01-May 11

Posted 19 February 2013 - 10:12 PM

View PostKeith, on 19 February 2013 - 03:59 PM, said:

Why do you want to disable it for any forms? Can you explain your scenario?


I have a website which i have convert it from codeigniter to yii, and now want to enable csrf but the problem that i have to do this step by step because forms i add csrf as urgent some else are not urgent.
0

#4 User is offline   Keith 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 1,451
  • Joined: 04-March 10
  • Location:UK

Posted 20 February 2013 - 03:07 AM

Adding CSRF protection is simply a matter of opening each form with CHtml::beginForm() and closing it with CHtml::endForm(). The second isn't actually required but is probably good for consistency. How many forms do you have?

There's no built in way to activate CSRF for specific forms as far as I'm aware.
0

#5 User is offline   outrage 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 312
  • Joined: 10-November 09
  • Location:Blackpool, United Kingdom

Posted 21 February 2013 - 08:05 PM

I can see why you might want to disable CSRF on some controllers.
I had the same problem when interfacing with Worldpay on one project. I got a posted callback to verify the transaction, but with global CSRF, obviously this failed with no token.

There is a thread here that seems to have a solution, although I haven't tried it myself.

http://www.yiiframew...-certain-paths/
0

#6 User is offline   Devypt 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 10
  • Joined: 01-May 11

Posted 22 February 2013 - 11:07 PM

View Postoutrage, on 21 February 2013 - 08:05 PM, said:

I can see why you might want to disable CSRF on some controllers.
I had the same problem when interfacing with Worldpay on one project. I got a posted callback to verify the transaction, but with global CSRF, obviously this failed with no token.

There is a thread here that seems to have a solution, although I haven't tried it myself.

http://www.yiiframew...-certain-paths/


Thanks, solved.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users