use meta tags to pass CSRF token.
@@ -43,12 +43,19 @@
|
|||||||
*/
|
*/
|
||||||
yii = (function ($) {
|
yii = (function ($) {
|
||||||
var pub = {
|
var pub = {
|
||||||
// version of Yii framework
|
/**
|
||||||
version: '2.0',
|
* @return string|undefined the CSRF variable name. Undefined is returned is CSRF validation is not enabled.
|
||||||
// CSRF token name and value. If this is set and a form is created and submitted using JavaScript
|
*/
|
||||||
// via POST, the CSRF token should be submitted too to pass CSRF validation.
|
getCsrfVar: function() {
|
||||||
csrfVar: undefined,
|
return $('meta[name=csrf-var]').attr('content');
|
||||||
csrfToken: undefined,
|
},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string|undefined the CSRF token. Undefined is returned is CSRF validation is not enabled.
|
||||||
|
*/
|
||||||
|
getCsrfToken: function() {
|
||||||
|
return $('meta[name=csrf-token]').attr('content');
|
||||||
|
},
|
||||||
|
|
||||||
initModule: function (module) {
|
initModule: function (module) {
|
||||||
if (module.isActive === undefined || module.isActive) {
|
if (module.isActive === undefined || module.isActive) {
|
||||||
|
|||||||
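Review bot: Both new docblocks, on `getCsrfVar` and `getCsrfToken`, read "Undefined is returned is CSRF validation is not enabled"; the second "is" should be "if", and the comment could name the source of the value, e.g. `@return string|undefined the CSRF token read from the csrf-token meta tag, or undefined if CSRF validation is not enabled`. The `csrfVar` and `csrfToken` properties are dropped from `pub`, so any script that still reads `yii.csrfToken` directly now gets undefined and would submit its form without a token; such callers are outside this hunk and need to move to the getters. Code that copies the token into a JavaScript-built form should do so only when the form targets the same origin, because a token posted to a third-party action URL is disclosed to that site.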
@@ -12,6 +12,7 @@ use yii\helpers\FileHelper;
|
|||||||
use yii\helpers\Html;
|
use yii\helpers\Html;
|
||||||
use yii\web\JqueryAsset;
|
use yii\web\JqueryAsset;
|
||||||
use yii\web\AssetBundle;
|
use yii\web\AssetBundle;
|
||||||
|
use yii\web\Request;
|
||||||
use yii\widgets\Block;
|
use yii\widgets\Block;
|
||||||
use yii\widgets\ContentDecorator;
|
use yii\widgets\ContentDecorator;
|
||||||
use yii\widgets\FragmentCache;
|
use yii\widgets\FragmentCache;
|
||||||
@@ -708,6 +709,13 @@ class View extends Component
|
|||||||
if (!empty($this->metaTags)) {
|
if (!empty($this->metaTags)) {
|
||||||
$lines[] = implode("\n", $this->metaTags);
|
$lines[] = implode("\n", $this->metaTags);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$request = Yii::$app->getRequest();
|
||||||
|
if ($request instanceof Request && $request->enableCsrfValidation) {
|
||||||
|
$lines[] = Html::tag('meta', '', array('name' => 'csrf-var', 'content' => $request->csrfVar));
|
||||||
|
$lines[] = Html::tag('meta', '', array('name' => 'csrf-token', 'content' => $request->getCsrfToken()));
|
||||||
|
}
|
||||||
|
|
||||||
if (!empty($this->linkTags)) {
|
if (!empty($this->linkTags)) {
|
||||||
$lines[] = implode("\n", $this->linkTags);
|
$lines[] = implode("\n", $this->linkTags);
|
||||||
}
|
}
|
||||||
|
|||||||
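Review bot: The block added in the second hunk writes the CSRF token into the head of every rendered page whenever `enableCsrfValidation` is on, and nothing in the code records that this makes the output user-specific. A response carrying these meta tags must not be stored in a shared or full-page cache, since a cached copy would hand one visitor's token to another and either disclose it or break validation for the second visitor; a line such as `// CSRF meta tags are per-user: output containing them must not be shared-cached` above the `if` would make that explicit. Whether `Html::tag` encodes the `content` attribute and whether `getCsrfToken()` creates a token on first use cannot be seen from this page, so both are worth confirming. The enclosing method starts and ends outside the hunk.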
@@ -23,19 +23,4 @@ class YiiAsset extends AssetBundle
|
|||||||
public $depends = array(
|
public $depends = array(
|
||||||
'yii\web\JqueryAsset',
|
'yii\web\JqueryAsset',
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
|
||||||
* @inheritdoc
|
|
||||||
*/
|
|
||||||
public function registerAssets($view)
|
|
||||||
{
|
|
||||||
parent::registerAssets($view);
|
|
||||||
$js[] = "yii.version='" . Yii::getVersion() . "';";
|
|
||||||
$request = Yii::$app->getRequest();
|
|
||||||
if ($request instanceof Request && $request->enableCsrfValidation) {
|
|
||||||
$js[] = "yii.csrfVar='{$request->csrfVar}';";
|
|
||||||
$js[] = "yii.csrfToken='{$request->csrfToken}';";
|
|
||||||
}
|
|
||||||
$view->registerJs(implode("\n", $js), View::POS_END);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||