Commit f3450682 by Qiang Xue

Merge pull request #1689 from Ragazzo/controller_docs

csrf docs added
parents e16c4858 b0351ba4
......@@ -39,6 +39,44 @@ The output of an action is what the method returns. The return value will be han
component which can convert the output to differnet formats such as JSON for example. The default behavior
is to output the value unchanged though.
You also can disable CSRF validation per controller and/or action, by setting its property:
```php
namespace app\controllers;
use yii\web\Controller;
class SiteController extends Controller
{
public $enableCsrfValidation = false;
public function actionIndex()
{
#CSRF validation will no be applied on this and other actions
}
}
```
To disable CSRF validation per custom actions you can do:
```php
namespace app\controllers;
use yii\web\Controller;
class SiteController extends Controller
{
public function beforeAction($action)
{
// ...set `$this->enableCsrfValidation` here based on some conditions...
// call parent method that will check CSRF if such property is true.
return parent::beforeAction($action);
}
}
```
Routes
------
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment