CSRF
CSRF stands for Cross Site Request Forgery. By enabling the CSRF Component, you get protection against these attacks. CSRF is a common vulnerability in web applications. It allows an attacker to capture and replay a previous request, and sometimes submit data requests using image tags or resources on other domains. CSRF protection can be enabled by simply adding the CsrfComponent to your components array, as shown below.
public function initialize()
{
    parent::initialize();
    // Load the CSRF component so requests handled by this controller are checked.
    $this->loadComponent('Csrf');
}
The CsrfComponent integrates seamlessly with FormHelper. Each time you create a form with FormHelper, it will insert a hidden field containing the CSRF token.
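To show why the hidden field matters, here is a simplified double-submit token check written as an added example; it is not CakePHP's own code or code from this page. The cookie name `csrfToken` and field name `_csrfToken` are assumptions modelled on CakePHP 3 defaults, and the function names are hypothetical.

```php
<?php
// Added illustration, not CakePHP source: a minimal double-submit token check.
// Cookie and field names are assumptions modelled on CakePHP 3 defaults.
const COOKIE_NAME = 'csrfToken';
const FIELD_NAME  = '_csrfToken';

/** Create an unpredictable token for the cookie and the hidden form field. */
function newToken(): string
{
    return bin2hex(random_bytes(32));
}

/** Render the hidden input a form helper would add to every form. */
function hiddenField(string $token): string
{
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        FIELD_NAME,
        htmlspecialchars($token, ENT_QUOTES, 'UTF-8')
    );
}

/** Decide whether a request may proceed. */
function isRequestAllowed(string $method, array $cookies, array $post): bool
{
    // Safe methods must not change state, so they are not checked.
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    $cookie = $cookies[COOKIE_NAME] ?? '';
    $field  = $post[FIELD_NAME] ?? '';
    // Reject a missing token and array-typed input such as _csrfToken[]=x.
    if (!is_string($cookie) || !is_string($field) || $cookie === '') {
        return false;
    }
    // Constant-time comparison avoids leaking the token through timing.
    return hash_equals($cookie, $field);
}

// Constructed sample requests: a genuine form post, then two cross-site posts
// where the browser sends the cookie but the attacker cannot supply the field.
$token = newToken();
echo hiddenField($token), PHP_EOL;
var_dump(isRequestAllowed('POST', [COOKIE_NAME => $token], [FIELD_NAME => $token]));
var_dump(isRequestAllowed('POST', [COOKIE_NAME => $token], []));
var_dump(isRequestAllowed('POST', [COOKIE_NAME => $token], [FIELD_NAME => newToken()]));
```

A page on another domain can make the browser attach the cookie, but it cannot read the token to place it in the form body, which is why the last two requests are rejected.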
While this is not recommended, you may want to disable the CsrfComponent on certain
requests. You can do so by using the controller’s event dispatcher, during the