How To Fix Csrf 400 Error While Deleting Records In Standard Crud?

I have a Gii generated CRUD source code and views. I need to enable CSRF protection. It is enabled and works ok in all other parts of the project, but brings the following error while I’m trying to delete a record from standard ‘admin’ screen: Error 400 The CSRF token could not be verified.

Here is the code I use:


	array('label'=>'List', 'url'=>array('index')),

	array('label'=>'Create', 'url'=>array('create')),

	array('label'=>'Update', 'url'=>array('update', 'id'=>$model->id)),

	array('label'=>'Delete', 'url'=>'#', 'linkOptions'=>array('submit'=>array('delete','id'=>$model->id, 'YII_CSRF_TOKEN' => Yii::app()->request->csrfToken),'confirm'=>'Are you sure you want to delete this item?')),

	array('label'=>'Manage', 'url'=>array('admin')),


Please, note that CSRF token is added into parameters of “Delete” menu item. According to browser console, CSRF token is actually added and passed to the server. It is the same as when I click ‘x’ button in admin grid, which deletes records perfectly. The only difference I see in these two cases is that ‘x’ button appends ‘ajax’ parameter into URL.

What is a proper way to pass CSRF token from a menu like this?

Thanks in advance.

I think it should work like this:


	array('label'=>'Delete', 'url'=>'#', 'linkOptions'=>array('submit'=>array('delete','id'=>$model->id),'confirm'=>'Are you sure you want to delete this item?','csrf'=>true)),


It works, thanks. I wonder if some documentation exists on this. I can’t find anything concrete about linkOptions.