validateCsrfToken() public method

This method validates the user-provided CSRF token by comparing it with the one stored in the cookie or session. It is mainly called in [[Controller::beforeAction()]]. Note that the method will NOT perform CSRF validation if [[enableCsrfValidation]] is false or the HTTP method is among GET, HEAD or OPTIONS.
public validateCsrfToken ( string $token = null ) : boolean
$token string the user-provided CSRF token to be validated. If null, the token will be retrieved from the [[csrfParam]] POST field or HTTP header. This parameter is available since version 2.0.4.
Returns boolean whether CSRF token is valid. If [[enableCsrfValidation]] is false, this method will return true.
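The rules in the description above, as an added stand-alone model (example code, not the framework's source). The function name, the request array layout, and the `_csrf` field and `X-CSRF-Token` header names are assumptions made for this sketch.

```php
<?php
// Added illustration: a simplified model of the rules in the description above.
// It is not the framework's source; all names below are hypothetical.

const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

function modelValidateCsrfToken(array $request, bool $enabled, ?string $stored, $token = null): bool
{
    // Rule 1: nothing is checked when validation is off or the method is "safe".
    if (!$enabled || in_array(strtoupper($request['method']), SAFE_METHODS, true)) {
        return true;
    }
    // Rule 2: without an explicit token, read the POST field, then the header.
    if ($token === null) {
        $token = $request['post']['_csrf'] ?? $request['headers']['X-CSRF-Token'] ?? null;
    }
    // Reject missing values and non-strings (e.g. _csrf[]=x arrives as an array).
    if (!is_string($token) || !is_string($stored) || $stored === '') {
        return false;
    }
    // Constant-time comparison against the copy held in the session or cookie.
    return hash_equals($stored, $token);
}

// Constructed sample data, not captured traffic.
$stored = bin2hex(random_bytes(16));
$cases = [
    'POST, token in field'  => [['method' => 'POST', 'post' => ['_csrf' => $stored], 'headers' => []], true],
    'POST, token in header' => [['method' => 'POST', 'post' => [], 'headers' => ['X-CSRF-Token' => $stored]], true],
    'POST, no token'        => [['method' => 'POST', 'post' => [], 'headers' => []], true],
    'POST, array as token'  => [['method' => 'POST', 'post' => ['_csrf' => [$stored]], 'headers' => []], true],
    'GET, no token'         => [['method' => 'GET', 'post' => [], 'headers' => []], true],
    'POST, validation off'  => [['method' => 'POST', 'post' => [], 'headers' => []], false],
];
foreach ($cases as $label => [$request, $enabled]) {
    $ok = modelValidateCsrfToken($request, $enabled, $stored);
    printf("%-24s => %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

The last two cases are accepted without any token, so state-changing actions should not be reachable through GET, and any route with validation switched off needs a different control.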
Example #1
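 // Overrides the framework method: keep the parent's optional $token parameter
 // so the signature stays compatible and an explicit token is still honoured.
 public function validateCsrfToken($token = null)
 {
     // Routes listed in $this->noCsrfRoutes are exempt from CSRF validation.
     // parseRequest() returns false when the request cannot be resolved.
     $resolved = Yii::$app->getUrlManager()->parseRequest($this);
     if ($this->enableCsrfValidation && $resolved !== false && in_array($resolved[0], $this->noCsrfRoutes, true)) {
         return true;
     }
     return parent::validateCsrfToken($token);
 }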
Example #2
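 public function testCsrfTokenValidation()
 {
     $this->mockWebApplication();
     $request = new Request();
     // Keep the token in the session instead of a cookie.
     $request->enableCsrfCookie = false;
     // A freshly issued token, passed explicitly, must validate.
     $token = $request->getCsrfToken();
     $this->assertTrue($request->validateCsrfToken($token));
 }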