php - How to handle CSRF Validation in Yii2 Framework?

Question

I'm having problem with CSRF Validation in yii2. The validation works fine with the default form generated by the gii but when I edit the form with html tags then the form submission throws a bad request error. I have disabled csrf validation to hide the error but I want to use this for the security of the application and data validation.

Is there any way of solving this error or is there a way of configuring it to work correctly in this scenario?

Answer 1

I guess, your html form doesn't have hidden _csrf field, which is automatically generated by standard Yii2 widgets.

So the minimum code of your custom form might be like this:

<form method="post">
    <input type="hidden" name="<?= Yii::$app->request->csrfParam; ?>" value="<?= Yii::$app->request->csrfToken; ?>" />
    <button type="submit"> Save </button>
</form>