Disable CSRF validation for individual actions in Yii2
Put this inside your controller, just replace index with whatever action you want to disable csrf
on.
public function beforeAction()
{
if ($this->action->id == 'index') {
$this->enableCsrfValidation = false;
}
return true;
}
i have tried this and it worked .
Go to the specific controller and write this at the top.
public $enableCsrfValidation = false;
For me this is what worked
public function beforeAction($action) {
if($action->id == 'my-action') {
Yii::$app->request->enableCsrfValidation = false;
}
return parent::beforeAction($action);
}
For the specific controller / actions you can disable CSRF validation like so:
use Yii;
...
Yii::$app->controller->enableCsrfValidation = false;
Or inside a controller:
$this->enableCsrfValidation = false;
Take a look at $enableCsrfValidation property of yii\web\Controller.
Update:
Here is some specification.
If you want to disable CSRF validation for individual action(s) you need to do it in beforeAction
event handler because CSRF token is checked before action runs (in beforeAction
of yii\web\Controller
).
/**
* @inheritdoc
*/
public function beforeAction($action)
{
if ($action->id == 'my-method') {
$this->enableCsrfValidation = false;
}
return parent::beforeAction($action);
}
Official docs:
- beforeAction()