Disable CSRF validation for individual actions in Yii2

For the specific controller / actions you can disable CSRF validation like so: use Yii; … Yii::$app->controller->enableCsrfValidation = false; Or inside a controller: $this->enableCsrfValidation = false; Take a look at $enableCsrfValidation property of yii\web\Controller. Update: Here is some specification. If you want to disable CSRF validation for individual action(s) you need to do it in … Read more

What is a CSRF token? What is its importance and how does it work?

Cross-Site Request Forgery (CSRF) in simple words Assume you are currently logged into your online banking at www.mybank.com Assume a money transfer from mybank.com will result in a request of (conceptually) the form http://www.mybank.com/transfer?to=<SomeAccountnumber>;amount=<SomeAmount>. (Your account number is not needed, because it is implied by your login.) You visit www.cute-cat-pictures.org, not knowing that it is … Read more