Yii Framework 3.0 API Documentation
This is the Yii Framework API Documentation. Here you will find detailed information about all classes provided by the Framework. Below you find a list of the existing classes, interfaces, and traits, ordered by their fully qualified name (including the namespace). Each of them has a dedicated page which contains a description about the purpose of the class, a list of the available methods, properties and constants, and detailed description on how to use each of them.
On this page you find all the classes included in version 3.0 of the framework. You can use the dropdown menu on the top right to switch between versions.
You can search API documentation using the search form on the top.
You can search for class names and also method and property names, e.g. ActiveRecord.save() or just .save() or ::save().
This page is also available in JSON format:curl https://www.yiiframework.com/doc/api/3.0/csrf -H 'Accept: application/json'
| Class | Description |
|---|---|
| Yiisoft\Csrf\CsrfHeaderMiddleware | PSR-15 middleware that takes care of custom HTTP header CSRF validation. |
| Yiisoft\Csrf\CsrfMiddleware | PSR-15 middleware that takes care of token validation. |
| Yiisoft\Csrf\CsrfTokenInterface | Token returns currently valid token as string. |
| Yiisoft\Csrf\CsrfTokenMiddleware | PSR-15 middleware that takes care of token validation. |
| Yiisoft\Csrf\Hmac\HmacCsrfToken | Stateless CSRF token that does not require any storage. The token is a hash from session ID and a timestamp (to prevent replay attacks). It is added to forms. When the form is submitted, we re-generate the token from the current session ID and a timestamp from the original token. If two hashes match, we check that timestamp is less than {@see HmacCsrfToken::$lifetime}. |
| Yiisoft\Csrf\Hmac\IdentityGenerator\CsrfTokenIdentityGeneratorInterface | Identity generator returns an ID to be used for the {@see \Yiisoft\Csrf\Hmac\HmacCsrfToken}. |
| Yiisoft\Csrf\Hmac\IdentityGenerator\SessionCsrfTokenIdentityGenerator | Session based CSRF token identification. |
| Yiisoft\Csrf\MaskedCsrfToken | Masked CSRF token applies masking to a token string. It makes BREACH attack impossible so it is safe to use it in HTML to be later passed to the next request either as a hidden form field or via JavaScript async request. |
| Yiisoft\Csrf\StubCsrfToken | StubCsrfToken represents a simple implementation of CsrfTokenInterface. |
| Yiisoft\Csrf\Synchronizer\Generator\CsrfTokenGeneratorInterface | Token generator generates a new CSRF token. |
| Yiisoft\Csrf\Synchronizer\Generator\RandomCsrfTokenGenerator | Generates a random token. |
| Yiisoft\Csrf\Synchronizer\Storage\CsrfTokenStorageInterface | Token storage persists a token between requests. |
| Yiisoft\Csrf\Synchronizer\Storage\SessionCsrfTokenStorage | Persists a token between requests in a user session. |
| Yiisoft\Csrf\Synchronizer\SynchronizerCsrfToken | Stateful CSRF token that is a unique random string. It is stored it in persistent storage available only for the currently logged in user. The same token is added to forms. When the form is submitted, token that came from the form is compared against the token stored. |
Signup or Login in order to comment.