Reputation: 219
I activated CSRF protection on my project, which runs on the Yii framework. The CSRF token is being created when the base domain runs, like "www.example.com". But it isn't being created when the subdomain runs, like "admin.example.com".
The configuration:
    'components' => array(
        'request' => array(
            'class' => 'application.components.HttpRequest',
            'enableCsrfValidation' => true,
        ),
        ...
Is the problem in my code, or is it about the server?
Upvotes: 2
Views: 978
Reputation: 8607
You can configure the CSRF cookie params in the request component in your main.php configuration:
    'components' => array(
        'request' => array(
            'csrfCookie' => array(
                'domain' => '.example.com',
            ),
        ),
    ),
Check out the other cookie options. You may also have to tweak the cookie path. This may also be helpful:
How do browser cookie domains work?
Upvotes: 3
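How the cookie `Domain` attribute decides which of the two hosts from the question receives the CSRF cookie, following the domain-matching rules of RFC 6265. This is an added example, not code from the question, the answer or Yii; the function names are hypothetical and the sample hosts are constructed. Path, `Secure` and public-suffix checks are left out.

```javascript
// Added example: RFC 6265 cookie scoping for the hosts in the question.
// Sample hosts and cookie attributes below are constructed for illustration.

// RFC 6265 section 5.1.3: does the request host domain-match the cookie domain?
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  // Suffix match on a label boundary; IP-literal hosts never suffix-match.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + cookieDomain);
}

// Build the stored cookie the way a browser does (section 5.3) from the
// Domain attribute sent by setterHost, or null if the browser rejects it.
function storeCookie(setterHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, returned to the exact host only.
    return { domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot ignored
  // A host may only set a cookie for a domain it matches itself.
  if (!domainMatch(setterHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the browser attach the stored cookie to a request for requestHost?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

function report(setterHost, domainAttr, hosts) {
  const cookie = storeCookie(setterHost, domainAttr);
  return hosts.map((h) => `${h}: ${isSentTo(cookie, h) ? 'sent' : 'not sent'}`);
}

const hosts = ['www.example.com', 'admin.example.com', 'example.com', 'badexample.com'];
console.log('no Domain attribute  ->', report('www.example.com', undefined, hosts));
console.log('Domain=.example.com  ->', report('www.example.com', '.example.com', hosts));
console.log('Domain=admin.example.com from www ->',
  report('www.example.com', 'admin.example.com', hosts));
```

With `Domain=.example.com` the CSRF cookie is sent to every host under example.com, so each of those hosts has to be trusted with it.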