I’m trying to debug an issue with the same Yii codebase on 2 different environments (dev and production).
My question is, if enableCsrfValidation is set to true for the request component in the config, is the CSRF token validation skipped if YII_DEBUG is true? Or does setting enableCsrfValidation to true always validate CSRF tokens on forms regardless if debug mode is enabled or not?
<?php
// index.php file
// remove the following lines when in production mode
defined('YII_DEBUG') or define('YII_DEBUG',true);
// specify how many levels of call stack should be shown in each log message
defined('YII_TRACE_LEVEL') or define('YII_TRACE_LEVEL',3);
// change the following paths if necessary
$yii=dirname(__FILE__).'/../vendor/yii.php';
$config=dirname(__FILE__).'/protected/config/main.php';
require_once($yii);
Yii::createWebApplication($config)->run();
// config/main.php file
// application components
'components'=>array(
...
'request'=>array(
'enableCsrfValidation'=> YII_DEBUG ? false : true,
),
...
),