How to process http requests in yii2

VerbFilter

VerbFilter is a filter for HTTP request methods. Its function is to define the allowed access to specified actions. HTTP request, if an HTTP request that is not allowed comes, an HTTP 405 error will be thrown. If you do not specify the allowed request method, all types of request methods are allowed by default. (Recommended learning: yii tutorial)

Next, try the simple use of VerbFilter.

First, add the code in SiteController

public function actionInfo()
    {
        return \Yii::createObject([
            'class' => 'yii\web\Response',
            'format' => \yii\web\Response::FORMAT_JSON,
            'data' => [
                'message' => 'hello world',
                'code' => 100,
            ],
        ]);
    }

The above code returns a string formatted using FORMAT_JSON

Use URL: http://localhost/basic/web/index.php?r=site/info When accessing, it returns successfully

{"message":"hello world","code":100}

Then, add the code in behaviors()

public function behaviors()
    {
        return [
            ... ...
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'logout' => ['post'],                   
                    'info' => ['post'],
                ],
            ],
        ];
    }

The above code uses the filter VerbFilter in behaviors(), which indicates that when accessing the action info, only the POST request method can be used.

At this time, use the RESTClient tool and select the GET request method for access. time, a 405 error is returned

Modify the code again

public function behaviors()
    {
        return [
            ... ...
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'logout' => ['post'],                   
                    'info' => ['post','get'],
                ],
            ],
        ];
    }

Allow POST and GET two request methods to access the action Info, use the RESTClient tool to access, and obtain the return value when selecting the GET request method for access.

{"message":"hello world","code":100}

At this time, use the tool RESTClient to send the request through post and return a 405 error.

At this time, modify the web.php file

'request' => [
            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
            'cookieValidationKey' => '4mWc84oNsYJpc-nnnjMwyOOiCTgcThig',
            'enableCookieValidation' => false,
            'enableCsrfValidation' => false,
        ],

Add these two lines of code to police cookie protection and CSRF prevention strategies

 'enableCookieValidation' => false,
 'enableCsrfValidation' => false,

Send a request for access through post again, success.

Note: CSRF verification

Because when the Web page is accessed, there will be a corresponding hidden input:_csrf in the form for verification. Only when the verification is passed can the process proceed normally. Access;

rather than web page access (not through a web form, such as command line CURL request) cannot pass csrf verification.

The above is the detailed content of How to process http requests in yii2. For more information, please follow other related articles on the PHP Chinese website!