behaviors() verbs allow only local requests

I use yii2 advanced. I have the following behaviors() method in my NameController:




...

class NameController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => [],
                        'allow' => true,
                        'roles' => ['?'],
                    ],
                    [
                        'actions' => [],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    '*' => ['get'],
                ],
            ],
        ];
    }

    ...
}



What I have now:

I am allowing any action within this NameController to be used only by GET requests.

What I would like to achieve:

I want to allow only GET requests from a local server, so none of the foreign servers should be able to cURL, file_get_contents(), etc. to NameController’s actions.

An example:

Let’s say my domain is http://domain.com. If I send a GET request (e.g. AJAX) within this domain, then the requests should be successful, even if they are coming from a different controller. In case of any other domain or server trying to cURL or access actions within NameController, they should receive an error (let’s say a 404 header).

Questions:

Is it possible to do this using behaviors()?

Or is there any special class or library in Yii2 for this?

Yes. https://github.com/yiisoft/yii2/issues/7823

Not at the moment.

Thank you very much for this reply, it is very useful.

So what I can do is check if this is an AJAX request or not, and if not, then this is probably a request from another server/website, because I do not have headers for allowing cross-domain requests.

Is it correct?

Yes.
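
Added example (not part of the original thread and not code from the Yii project): one way to express a local-only restriction inside behaviors(), using the `ips` option of AccessControl rules together with a `denyCallback` that answers 404. The `frontend\controllers` namespace, the loopback addresses and the absence of a reverse proxy in front of PHP are assumptions.

```php
<?php
// Assumed namespace (yii2 advanced template, frontend application).
namespace frontend\controllers;

use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\web\Controller;
use yii\web\NotFoundHttpException;

class NameController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'allow' => true,
                        // Matched against the client IP Yii derives from REMOTE_ADDR.
                        // Assumption: PHP is reached directly; behind a reverse proxy
                        // REMOTE_ADDR is the proxy's address and this rule would
                        // match every request the proxy forwards.
                        'ips' => ['127.0.0.1', '::1'],
                    ],
                ],
                // Runs when no rule allows the request; the question asked for a 404.
                'denyCallback' => function ($rule, $action) {
                    throw new NotFoundHttpException();
                },
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    '*' => ['get'],
                ],
            ],
        ];
    }

    // Note: Yii::$app->request->isAjax only tests whether the request carries
    // "X-Requested-With: XMLHttpRequest". The client supplies that header, so
    // it identifies how a request was labelled, not where it came from.
}
```

Browser AJAX issued from pages on the same domain arrives with the visitor's IP address, so the loopback rule matches only calls the server makes to itself.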