dongshimao7115 2018-12-19 12:06
浏览 87

使用Ajax表单的Zend Framework 3中的CSRF问题

I am having an intermittent problem with the CSRF element in a ZF3 ajax form. I am using the following to configure the element

$this->add([
     'type' => Element\Csrf::class,
     'name' => 'onlineGameCsrf',
     'options' => [
         'csrf_options' => [
             'timeout' => 600,
         ],
     ],
 ]);

and including in the form using

echo $this->formRow($form->get('onlineGameCsrf'));

Most of the time this works as it should but every so often, maybe one in ten times, it fails. The logs show the following error.

[notSame] => The form submitted did not originate from the expected site

I have tried a couple of 'fixes' that I have found on SO and elsewhere. The first was moving $form->prepare() to the view file and another was to increase the timeout in the configuration. Neither of these worked, though perhaps I wasn't increasing the timeout enough (I went to a max of 2000).

I am using the same CSRF element elsewhere in the site on non-ajax forms and it is working correctly with no issues.

Any help would be much appreciated.

Thanks.

  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥15 解riccati方程组
    • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
    • ¥30 用arduino开发esp32控制ps2手柄一直报错
    • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
    • ¥15 求chat4.0解答一道线性规划题,用lingo编程运行,第一问要求写出数学模型和lingo语言编程模型,第二问第三问解答就行,我的ddl要到了谁来求了
    • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
    • ¥50 树莓派安卓APK系统签名
    • ¥65 汇编语言除法溢出问题
    • ¥15 Visual Studio问题
    • ¥20 求一个html代码,有偿