In my Yii2 application there is a form that users submit. The site has CSRF validation turned on, but if the user has cookies disabled, an error is thrown. What is the best way to handle a situation like this? I don’t really want to disable CSRF validation but I need to be sure that the form is only submitted from my site. There is no login process involved. It is simply a one-time use situation for the user. Thanks.
CSRF protection is implemented via synchronous storage of a generated token. Cookies are one of the media, the one used by default. You can use the session instead. See https://www.yiiframework.com/doc/api/2.0/yii-web-request#$enableCsrfCookie-detail
Thank you. I’ll give it a try. I know that normally this is set in the config file but can it also be set in the controller?
Yii::$app->request->enableCsrfCookie = false;
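An added example, not part of the original thread, showing where in a controller the setting above can go so that it applies both when the form is rendered and when the POST is validated. The controller name `FeedbackController`, the `message` field and the view names are hypothetical.

```php
<?php
// Added example; FeedbackController, the 'message' field and the views are hypothetical.
// Application-wide equivalent in the config file:
//   'components' => ['request' => ['enableCsrfCookie' => false]],

namespace app\controllers;

use Yii;
use yii\base\DynamicModel;
use yii\web\Controller;

class FeedbackController extends Controller
{
    /**
     * init() runs before beforeAction(), which is where yii\web\Controller
     * calls validateCsrfToken(). Setting the flag here means the token is
     * written to the session on the GET that renders the form and read back
     * from the session on the POST that submits it.
     */
    public function init()
    {
        parent::init();
        Yii::$app->request->enableCsrfCookie = false;
    }

    public function actionIndex()
    {
        // CSRF validation itself stays enabled ($enableCsrfValidation defaults to true).
        $model = new DynamicModel(['message']);
        $model->addRule('message', 'required');

        if ($model->load(Yii::$app->request->post()) && $model->validate()) {
            return $this->render('thanks');
        }

        // The view must build the form with ActiveForm or Html::beginForm()
        // so that the hidden CSRF field is included in the POST.
        return $this->render('index', ['model' => $model]);
    }
}
```

PHP sessions are themselves tracked by a session cookie by default, so this removes the separate CSRF cookie but still requires the browser to accept the session cookie.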