Bad request 400 error on Backend actions with pretty url

gerilla · July 8, 2015, 4:19pm

i tried to hide frontend with htaccess. in frontend and backend all pages works good. but when i tried to login, create or update anything in backend it gaves "bad request (#400) unable to verify your data submission" error. when i disabled htaccess it works again.

i disabled rewrite url in backend but no chance. here is my htaccess


Options -Indexes

RewriteEngine on


<IfModule mod_rewrite.c>

#If the request starts with backend, then pass it through

RewriteCond %{REQUEST_URI} ^backend

RewriteRule ^ - [L,QSA]


RewriteCond %{REQUEST_URI} !/(frontend|backend)/web/(assets|css)/

RewriteCond %{REQUEST_URI} !(\.css|\.js|\.png|\.jpg|\.gif|robots\.txt|\.php)$ [NC]

RewriteCond %{REQUEST_URI} !(public|backend)

RewriteRule .* frontend/web/index.php [L]

</IfModule>

itma · July 8, 2015, 7:02pm

gerilla:

i tried to hide frontend with htaccess. in frontend and backend all pages works good. but when i tried to login, create or update anything in backend it gaves "bad request (#400) unable to verify your data submission" error. when i disabled htaccess it works again.

i disabled rewrite url in backend but no chance. here is my htaccess
Options -Indexes

RewriteEngine on


<IfModule mod_rewrite.c>

#If the request starts with backend, then pass it through

RewriteCond %{REQUEST_URI} ^backend

RewriteRule ^ - [L,QSA]


RewriteCond %{REQUEST_URI} !/(frontend|backend)/web/(assets|css)/

RewriteCond %{REQUEST_URI} !(\.css|\.js|\.png|\.jpg|\.gif|robots\.txt|\.php)$ [NC]

RewriteCond %{REQUEST_URI} !(public|backend)

RewriteRule .* frontend/web/index.php [L]

</IfModule>

It’s not related to .htaccess. It’s about CSRF validation. The code below is highly not recommended but if you must - use it:




public function beforeAction($action) {

    $this->enableCsrfValidation = false;

    return parent::beforeAction($action);

}

gerilla · July 8, 2015, 7:26pm

itma:

It’s not related to .htaccess. It’s about CSRF validation. The code below is highly not recommended but if you must - use it:
public function beforeAction($action) {

    $this->enableCsrfValidation = false;

    return parent::beforeAction($action);

}

thanks for reply but when i disable htaccess it works normally. i disabled backend rewrite url in htaccess but why it still

gets error?

itma · July 8, 2015, 7:53pm

Sorry, I didn’t notice that.