
Yii CSRF Token cannot be verified

I had in my script a form which was submitted by ajax like this:

    jQuery.ajax({
        url: jQuery('form', modal).attr('action'),
        contentType: "application/json; charset=utf-8",
        dataType: 'json',
        type: 'post',
        data: {
            email: jQuery('input[name="email"]', modal).val(),
            something: jQuery('input[name="something"]', modal).val(),
            level: jQuery('select[name="level"]', modal).val(),
            YII_CSRF_TOKEN: jQuery('input[name="csrf"]').val()
        },
        success: function(data){
            jQuery('.message', modal).html(data.message).slideDown();
            if (!data.success){
                jQuery('input[name="email"]', modal).addClass('error');
            } else {
                jQuery('input[name="email"]', modal).removeClass('error');
            }
        }
    });

Everything was working great. Then today I was writing a new function for deleting items from the database. So I wrote my PHP function (nothing extra complicated) and added a jQuery ajax call to it, triggered by clicking on a link:

    // ajax request
    jQuery.ajax({
        url: jQuery(this).attr('href'),
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        type: 'post',
        data: {
            something: jQuery(this).attr('alt'),
            YII_CSRF_TOKEN: jQuery('input[name="csrf"]').val()
        },
        success: function(data){

        }
    });

Both the link and the form are in the same view. But after adding the new function for deleting, everything kind of broke down. I cannot make any POST request to the server, just getting "Error: The CSRF token could not be verified". I cannot see the problem as I am passing the CSRF. The Firebug log shows:

    YII_CSRF_TOKEN  bf6d9bf62ee96f32e34a74244baca7f2f1bdd569
    something       4

I might understand that the new function doesn't work for any reason, but why the other function broke down as well, I cannot get.

I have figured out what the problem was and thought I would share it with you. Of course it was very trivial.

In the PHP function (action) the flow was going, and every time it ran into a problem / not expected result (record doesn't exist etc.) it would return something like:

    if (empty($user)){
        echo json_encode(array('success'=>0,'message'=>'User does not exist'));
        return false;
    }

I think that some of you see my mistake already. The problem is that once you

    return false;

Yii automatically gives back the message "Invalid Request". Therefore, it doesn't matter whether or not you get everything done well on the server side, you always have to return true. So

    if (empty($user)){
        echo json_encode(array('success'=>0,'message'=>'User does not exist'));
        return true;
    }

Works as expected.

For the problem with the message "Error: The CSRF token could not be verified." I still don't understand what the problem is, but I also found a solution. I have realized that this message is returned the first time I do any action with the $_POST variable. Therefore what I did at the beginning of the actions is:

    $post = $_POST;

Probably not the perfect solution, but it works.
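
Added example, not part of the original post and not Yii's own code: a simplified Node.js model of a double-submit CSRF check of the kind behind this error message, which compares the token cookie with the token found in the parsed POST fields. jQuery serialises an object passed as `data` into a form-encoded string whatever `contentType` says, so the model shows how the check behaves when that body is labelled as JSON versus form-encoded. The function names, the request shape and the sample token are constructed, and the parsing rule is an assumption modelled on how PHP fills `$_POST`.

```javascript
// Simplified model, not Yii's code. Assumption: like PHP's $_POST, the server
// parses only form-encoded bodies (multipart is omitted here for brevity).
const TOKEN_NAME = 'YII_CSRF_TOKEN';

function parsePostFields(contentType, rawBody) {
  const mediaType = String(contentType || '').split(';')[0].trim().toLowerCase();
  if (mediaType !== 'application/x-www-form-urlencoded') {
    return {}; // body stays unparsed, so the check sees no fields at all
  }
  return Object.fromEntries(new URLSearchParams(rawBody));
}

// Compare every character so timing does not reveal where the tokens differ.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Double-submit check: the cookie token must equal the token in the parsed POST fields.
function verifyCsrf(request) {
  const fields = parsePostFields(request.headers['content-type'], request.body);
  const cookieToken = request.cookies[TOKEN_NAME];
  const postedToken = fields[TOKEN_NAME];
  if (!cookieToken || !postedToken) {
    return { ok: false, reason: 'token missing' };
  }
  return constantTimeEqual(cookieToken, postedToken)
    ? { ok: true, reason: 'verified' }
    : { ok: false, reason: 'token mismatch' };
}

// Constructed sample request: same field names as the page's AJAX call, sample token value.
function makeRequest(contentType, cookieToken = 'constructed-sample-token') {
  const body = new URLSearchParams({
    something: '4',
    [TOKEN_NAME]: 'constructed-sample-token',
  }).toString();
  return { headers: { 'content-type': contentType }, cookies: { [TOKEN_NAME]: cookieToken }, body };
}

console.log(verifyCsrf(makeRequest('application/json; charset=utf-8')));
console.log(verifyCsrf(makeRequest('application/x-www-form-urlencoded; charset=UTF-8')));
console.log(verifyCsrf(makeRequest('application/x-www-form-urlencoded', 'another-token')));
```

In this model the token is present in the request body in all three cases; only the form-encoded request with a matching cookie passes the check.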
