Commit 64862f96 by Carsten Brandt

disable CSRF validation after validation has failed

this allows to be able to call error action. fixes #1244
parent f5219d24
...@@ -92,6 +92,8 @@ class Controller extends \yii\base\Controller ...@@ -92,6 +92,8 @@ class Controller extends \yii\base\Controller
{ {
if (parent::beforeAction($action)) { if (parent::beforeAction($action)) {
if ($this->enableCsrfValidation && !Yii::$app->getRequest()->validateCsrfToken()) { if ($this->enableCsrfValidation && !Yii::$app->getRequest()->validateCsrfToken()) {
// avoid checking again if errorAction is called to display exception
Yii::$app->getRequest()->enableCsrfValidation = false;
throw new HttpException(400, Yii::t('yii', 'Unable to verify your data submission.')); throw new HttpException(400, Yii::t('yii', 'Unable to verify your data submission.'));
} }
return true; return true;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment