Remove Csrf Hidden Fields

I’ve been validating my CSRF tokens by comparing the session value and the request headers(CSRF included) instead of the token in POST. I found them unnecessary anymore so I decided to remove them anyway. I’ve been finding the function where the hidden fields are being generated so that I can override it.

Thanks in advance.

You normally don’t handle that yourself:

Any particular reason why you’ve been doing that work yourself?

Regardless, you can find the code in CHttpRequest

And the form uses it here:

Just a small hint:

If I could figure that out by going to the Yii definitive guide and navigate from there to the API docs, so can you. ;)

Thanks jacmoe!