php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-22 09:40:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

use meta tags to pass CSRF token.

Browse Source
This commit is contained in:
Qiang Xue
2013-09-17 21:00:19 -04:00
parent 240b42aa0c
commit 1aa836ffc7
3 changed files with 21 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
framework/yii/assets/yii.js
View File

@@ -43,12 +43,19 @@
*/
yii = (function ($) {
var pub = {
// version of Yii framework
version: '2.0',
// CSRF token name and value. If this is set and a form is created and submitted using JavaScript
// via POST, the CSRF token should be submitted too to pass CSRF validation.
csrfVar: undefined,
csrfToken: undefined,
/**
* @return string|undefined the CSRF variable name. Undefined is returned is CSRF validation is not enabled.
*/
getCsrfVar: function() {
return $('meta[name=csrf-var]').attr('content');
},
/**
* @return string|undefined the CSRF token. Undefined is returned is CSRF validation is not enabled.
*/
getCsrfToken: function() {
return $('meta[name=csrf-token]').attr('content');
},
initModule: function (module) {
if (module.isActive === undefined || module.isActive) {

8
framework/yii/base/View.php
View File

@@ -12,6 +12,7 @@ use yii\helpers\FileHelper;
use yii\helpers\Html;
use yii\web\JqueryAsset;
use yii\web\AssetBundle;
use yii\web\Request;
use yii\widgets\Block;
use yii\widgets\ContentDecorator;
use yii\widgets\FragmentCache;
@@ -708,6 +709,13 @@ class View extends Component
if (!empty($this->metaTags)) {
$lines[] = implode("\n", $this->metaTags);
}
$request = Yii::$app->getRequest();
if ($request instanceof Request && $request->enableCsrfValidation) {
$lines[] = Html::tag('meta', '', array('name' => 'csrf-var', 'content' => $request->csrfVar));
$lines[] = Html::tag('meta', '', array('name' => 'csrf-token', 'content' => $request->getCsrfToken()));
}
if (!empty($this->linkTags)) {
$lines[] = implode("\n", $this->linkTags);
}

15
framework/yii/web/YiiAsset.php
View File

@@ -23,19 +23,4 @@ class YiiAsset extends AssetBundle
public $depends = array(
'yii\web\JqueryAsset',
);
/**
* @inheritdoc
*/
public function registerAssets($view)
{
parent::registerAssets($view);
$js[] = "yii.version='" . Yii::getVersion() . "';";
$request = Yii::$app->getRequest();
if ($request instanceof Request && $request->enableCsrfValidation) {
$js[] = "yii.csrfVar='{$request->csrfVar}';";
$js[] = "yii.csrfToken='{$request->csrfToken}';";
}
$view->registerJs(implode("\n", $js), View::POS_END);
}
}