Remove Csrf Hidden Fields

I’ve been validating my CSRF tokens by comparing the session value and the request headers(CSRF included) instead of the token in POST. I found them unnecessary anymore so I decided to remove them anyway. I’ve been finding the function where the hidden fields are being generated so that I can override it.

Thanks in advance.

You normally don’t handle that yourself: http://www.yiiframework.com/doc/guide/1.1/en/topics.security#cross-site-request-forgery-prevention

Any particular reason why you’ve been doing that work yourself?

Regardless, you can find the code in CHttpRequest

And the form uses it here:

https://github.com/yiisoft/yii/blob/1.1.13/framework/web/helpers/CHtml.php#L319

Just a small hint:

If I could figure that out by going to the Yii definitive guide and navigate from there to the API docs, so can you. ;)

Thanks jacmoe!