Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > body text

启用Csrf后POST数据时出现的400错误_php技巧

WBOY
Release: 2016-05-16 20:11:44
Original
1424 people have browsed it

最近一直出现这样的错误,一直在查找原因,偶然看到一篇解决的文章,分享给大家看看。

第一种解决办法是关闭Csrf

public function init(){
  $this->enableCsrfValidation = false;
}
Copy after login

第二种解决办法是在form表单中加入隐藏域


第三种解决办法是在AJAX中加入_csrf字段

var csrfToken = $('meta[name="csrf-token"]').attr("content");
$.ajax({
 type: 'POST',
 url: url,
 data: {_csrf:csrfToken},
 success: success,
 dataType: dataType
});
Copy after login

Yii这个匹配的过程和Yii::$app->request->csrfToken 这个值存储位置说明:

存储位置

  protected function createCsrfCookie($token)
  {
    $options = $this->csrfCookie;
    $options['name'] = $this->csrfParam;
    $options['value'] = $token;
    return new Cookie($options);
  }
Copy after login

校验方法

  public function validateCsrfToken($token = null)
  {
    $method = $this->getMethod();
    // only validate CSRF token on non-"safe" methods http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1
    if (!$this->enableCsrfValidation || in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
      return true;
    }

    $trueToken = $this->loadCsrfToken();

    if ($token !== null) {
      return $this->validateCsrfTokenInternal($token, $trueToken);
    } else {
      return $this->validateCsrfTokenInternal($this->getBodyParam($this->csrfParam), $trueToken)
        || $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken);
    }
  }
Copy after login

以上所述就是本文的全部内容了,希望大家能够喜欢。

Related labels:
启用Csrf POST数据时出现的400错误
source:php.cn
Previous article:PHP伪造来源HTTP_REFERER的方法实例详解_php技巧 Next article:PHP 错误处理机制_php技巧
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
What are the best practices for displaying version information in web applications? I'm developing a web application. What are the best practices for displaying version infor...
From 2024-04-06 19:13:16
0
2
476
Website using Live Server doesn't work when I launch it from a file I tried several browsers and in every case the website works fine with LiveServer. On the ...
From 2024-04-06 12:46:18
0
1
403
There is an error with npx create-react-app command, how do I fix it? I've been trying to create a new React app using the 'npxcreate-react-app' command but it ...
From 2024-04-05 14:42:18
0
1
3511
Releasing the X-axis after calling Chart.zoom(): a step-by-step guide I set the scroll strategy to setScrollStrategy(AxisScrollStrategies.progressive) and on th...
From 2024-04-04 23:40:56
0
1
1339
Efficient way to fill missing values ​​in unordered map from SQL table (SQL/C++) Question Currently there is a system that reads unique identifiers (ids) and their attache...
From 2024-04-04 11:47:44
0
1
345
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template