Php Yii dropzone扩展(无法验证CSRF令牌)
我想发布带有dropzone请求的Yii csrftoken这里是我的代码Php Yii dropzone扩展(无法验证CSRF令牌),php,ajax,file-upload,yii,Php,Ajax,File Upload,Yii,我想发布带有dropzone请求的Yii csrftoken这里是我的代码 $this->widget('ext.dropzone.EDropzone', array( 'model' => $model, 'attribute' => 'file', 'url' => $this->createUrl('//media/file'), 'mimeTypes' =&
$this->widget('ext.dropzone.EDropzone', array(
'model' => $model,
'attribute' => 'file',
'url' => $this->createUrl('//media/file'),
'mimeTypes' => array('image/jpeg', 'image/png'),
'options' => array('sending' => 'function(file, xhr, formData) {
formData.append("YII_CSRF_TOKEN", "' . Yii::app()->request->csrfToken . '");
}',),
));
//控制器>介质(不访问控制器)
这就是我在搜索CSRF令牌以使用xupload/blueimpjquery文件上传程序时发现的。将其放入components目录中的文件“EHttpRequest.php”(或创建它) 资料来源:
警告:这样做可能会有一些安全风险,如果有人认为此安全性有任何问题,请告诉我。这是如何停止某些操作的CsrfValidation
//main/config
在“组件”下添加以下行
'request' => array(
'class' => 'HttpRequest',
'noCsrfValidationRoutes' => array(
'^site/upload.*$',
),
'enableCookieValidation' => true,
'enableCsrfValidation' => true,
),
然后在组件文件夹中
class HttpRequest extends CHttpRequest
{
public $prev_url;
public $noCsrfValidationRoutes = array();
protected function normalizeRequest()
{
parent::normalizeRequest();
if(!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] != 'POST')
{
return;
}
$route = Yii::app()->getUrlManager()->parseUrl($this);
if($this->enableCsrfValidation)
{
foreach($this->noCsrfValidationRoutes as $cr)
{
if(preg_match('#'.$cr.'#', $route))
{
Yii::app()->detachEventHandler('onBeginRequest', array($this,'validateCsrfToken'));
Yii::trace('Route "'.$route.' passed without CSRF validation');
break; // found first route and break
}
}
}
}
public function getCurrentUri()
{
// Get HTTP/HTTPS (the possible values for this vary from server to server)
$myUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && !in_array(strtolower($_SERVER['HTTPS']),array('off','no'))) ? 'https' : 'http';
// Get domain portion
$myUrl .= '://'.$_SERVER['HTTP_HOST'];
// Get path to script
$myUrl .= $_SERVER['REQUEST_URI'];
// Add path info, if any
$get = $_GET; // Create a copy of $_GET
if (count($get)) { // Only add a query string if there's anything left
$myUrl .= '?'.http_build_query($get);
}
return $myUrl;
}
}
您可以通过url将其作为url参数$this->createUrl('//media/file',array('YII_CSRF_TOKEN'=>YII::app()->request->csrfToken')发送。它不起作用。您在url中获得了什么内容供您尝试?然后您在url中获得了令牌。是不是错了?我试过了,但没有效果,我在组件文件夹的旁边创建了这个类,并从配置'request'=>array('class'=>'EHttpRequest')调用它,嗯,这绝对是正确的步骤。我将进一步研究它,可能还有另一个我忘记的代码编辑。
'request' => array(
'class' => 'HttpRequest',
'noCsrfValidationRoutes' => array(
'^site/upload.*$',
),
'enableCookieValidation' => true,
'enableCsrfValidation' => true,
),
class HttpRequest extends CHttpRequest
{
public $prev_url;
public $noCsrfValidationRoutes = array();
protected function normalizeRequest()
{
parent::normalizeRequest();
if(!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] != 'POST')
{
return;
}
$route = Yii::app()->getUrlManager()->parseUrl($this);
if($this->enableCsrfValidation)
{
foreach($this->noCsrfValidationRoutes as $cr)
{
if(preg_match('#'.$cr.'#', $route))
{
Yii::app()->detachEventHandler('onBeginRequest', array($this,'validateCsrfToken'));
Yii::trace('Route "'.$route.' passed without CSRF validation');
break; // found first route and break
}
}
}
}
public function getCurrentUri()
{
// Get HTTP/HTTPS (the possible values for this vary from server to server)
$myUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && !in_array(strtolower($_SERVER['HTTPS']),array('off','no'))) ? 'https' : 'http';
// Get domain portion
$myUrl .= '://'.$_SERVER['HTTP_HOST'];
// Get path to script
$myUrl .= $_SERVER['REQUEST_URI'];
// Add path info, if any
$get = $_GET; // Create a copy of $_GET
if (count($get)) { // Only add a query string if there's anything left
$myUrl .= '?'.http_build_query($get);
}
return $myUrl;
}
}