CODEWITHSUNDEEP
yii2
Bharat Chauhan
Bharat Chauhan

Reputation: 3332

Why get Unable to verify your data submission error in Yii2?

enter image description here

Error:

Unable to verify your data submission error

Create one public function in Yii2. But, submit data not accept in this method, see following error images. Why is this happen?

Upvotes: 41

Views: 69144

Answers (13)

Senthil
Senthil

Reputation: 634

Switched website form https to http and had the issue come up. Updated the request config by commenting the below lines to resolve.

    'request' => [
        'cookieValidationKey' => 'SomeRandomKeyValidationString',
        //'csrfCookie' => [
        //    'httpOnly' => true,
        //    'secure' => true,
        //],

Upvotes: 0

Manoj Rai
Manoj Rai

Reputation: 91

Disable for only specific action

/**
 * @inheritdoc
 */
public function beforeAction($action)
{            
    if ($action->id == 'my-action') {
        $this->enableCsrfValidation = false;
    }

    return parent::beforeAction($action);
}

Upvotes: 4

Poramate Srisawat
Poramate Srisawat

Reputation: 21

$csrf = \yii::$app->request->csrfParam;

$token = \yii::$app->request->csrfToken;        

//start from 

echo Html::hiddenInput($csrf,$token);

//end from

Upvotes: 1

cantona
cantona

Reputation: 71

Updated from yii 2.0.12 to 2.0.30

Have this bad request error 400

  • Got the Html::csrfMetaTags() in the header layout.
  • using activeform,therefore is not caused by missing csrf token in the form. And checked already through inspect.

I solved this through adding below code to the backend/config/main.php.

'components' => [
    'request' => [
        'csrfParam' => '_backend_csrf',
    ],

Is it a correct way or will it cause security issue?

Upvotes: 3

Frantisek Hallo
Frantisek Hallo

Reputation: 1711

A little differentiation to dchakarov's answer due to Yii2 tiers using instead of _csrf variable _frontendCsrf.

<input type="hidden" name="_frontendCsrf" value="<?=Yii::$app->request->getCsrfToken()?>" />

This is a second time this question did not help me even though I posted a comment previously, so I have to post a response.

Upvotes: 1

curious_pawn
curious_pawn

Reputation: 334

To permanently disable csrf validation in whole application add below code in your configurations.

$config = [
    'components' => [
        'request' => [
            'enableCsrfValidation' => false,
        ],
    ],
];

Upvotes: 8

dchakarov
dchakarov

Reputation: 9508

If you create the form manually (i.e. without using the yii form methods), you should add an input field like this:

<input type="hidden" name="_csrf" value="<?=Yii::$app->request->getCsrfToken()?>" />

source: http://zero-exception.blogspot.com/2015/01/yii2-using-csrf-token.html

Upvotes: 56

Milap Jethwa
Milap Jethwa

Reputation: 481

Add this in your controller:

 public $enableCsrfValidation = false;

Upvotes: -4

ThangTD
ThangTD

Reputation: 1684

A long story has been discussed here github

So disabling csrf somehow unsure for ajax request. I have met this issue many times.

So remember to send _csrf key when you send data by POST via ajax.

Upvotes: 3

Amos Kosgei
Amos Kosgei

Reputation: 947

There are various solutions to this problem, I guess understanding why it happened in the first place helps solve the problem.

  1. It is either caused by an invalid csrf token,user generated csrf token, expired csrf token, all these 'csrf' issues will arise when you have custom forms built not using the 'ActiveForm' class.

If CSRF is not the issue,

  1. Its other cause occurs when you try to upload multiple files and the web server cannot handle the load. Some properties to check on this to make sure you are on the right track is to claculate the size of files one is attempting to upload and check the web server's post_max_size and upload_max_filesize

If you are running linux, check php.ini file for inputs like these:

; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data    reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
post_max_size = 8M

; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On

; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 2M

Based on your calculations, adjust the above php.ini parameters to suite your needs, then test. I had a similar problem and I solved it.

Upvotes: 17

Bruno de Oliveira
Bruno de Oliveira

Reputation: 486

Also sometimes you can get this error using Yii 2.0 due to the post_max_size, upload_max_filesize, max_input_time also too maybe the webserver can be trimming the post so verify on nginx - client_max_body_size or in apache - LimitRequestBody

Upvotes: 4

WCO
WCO

Reputation: 480

Add this in the head section of your layout: <?= Html::csrfMetaTags() ?>

Upvotes: 26

witzawitz
witzawitz

Reputation: 415

Check whether there is hidden input in your form with CSRF token. It should look like 

<input type="hidden" name="_csrf" value="ZEZ6Y0xrY3ARGS42fTwhMQgkDgF6BCEGEx4SMXQMBR4CPy0iPCIwNQ==">

Upvotes: 3

Related Questions