BadRequestHttpException - Unable to verify your data submission

I’ve created a view, manually, which is a dashboard and am using a custom layout in which I inserted

<?= Html::csrfMetaTags() ?>

in the head section.

Yet, when the view is accessed, I keep getting bombarded with errors in the log relating to

[error][yii\web\HttpException:400] yii\web\BadRequestHttpException: Unable to verify your data submission. in D:\home\site\vendor\yiisoft\yii2\web\Controller.php:166

The index itself is a series of DIVs and I use a JS interval to continuously run AJAX calls to get stats and push them to their respective DIVs.

Can anyone offer some guidance?

Thank you.

Do you pass CSRF token when doing these AJAX requests?

No, I do not believe so, how is that done?

My JS is calling the following

function updateStat(url, ctl){
    $.ajax({
        async: false,
        method: "POST",
        url: url,
        timeout: 3000,
    })
    .done(function(result){
        result = JSON.parse(result);
        if(result.status == 'Success'){
            $('#'+ctl).text(result.message);
        }else{
            console.log("Problem with updateStat(" + url + ", " + ctl + ")");
            $('#'+ctl).text('?');
        }
    })
    .fail(function(xhr, status, error){
        var divClass = 'danger';
        var msg = "<span class=\"glyphicon glyphicon-remove\"></span> " + error + "<br><br>" + status + "<br><br>" + xhr.responseText;
        var sysMsg = '<div class=\"alert-' + divClass + ' alert fade in\">'
                + '<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">×</button>'
                + msg + '</div>';
        $('#modal-system-messages').html(sysMsg).stop().fadeIn().animate({opacity: 1.0}, 4000);
    });
}

Just some more info.

I created a custom layout (views\layouts\dashboard-finance.php) and in that layout I’ve included the <?= Html::csrfMetaTags() ?> in the head section. When the index is rendered the following appears:

<meta name="csrf-param" content="_csrf-backend">
<meta name="csrf-token" content="eD7TCDvnNdp6VOXFw_7LCedcaFpJBtuc-6ikzMShc8wTXep7TLVvtkog1qmntY9Qoy1YNAJLt_TK4-iesvY-gg==">

In my controller I have

class DashboardFinanceController extends Controller
{
    public $layout = 'dashboard-finance';

    public function actionIndex()
    {
        return $this->render('index');
    }

    public function actionGetOrdersCount($cat)
    {
        if (strlen($cat) === 1) {
            \Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;

            $day_start = date("Y-m-d 00:00:00");
            $day_end = date("Y-m-d 23:59:59");
            $week_start = date("Y-m-d 00:00:00", strtotime('monday this week')); 

            if ($cat === "d") {
                $count = ProjectsStatusChanges::find()
                    ->innerJoin('lst_projects_statuses', 'projects_status_changes.StatusId = lst_projects_statuses.StatusId')
                    ->where(['between', 'projects_status_changes.dtCreation', $day_start, $day_end])
                    ->andWhere(['lst_projects_statuses.Status' => 'Completed'])
                    ->count();
            } elseif ($cat === "w") {
                $count = ProjectsStatusChanges::find()
                    ->innerJoin('lst_projects_statuses', 'projects_status_changes.StatusId = lst_projects_statuses.StatusId')
                    ->where(['between', 'projects_status_changes.dtCreation', $week_start, $day_end])
                    ->andWhere(['lst_projects_statuses.Status' => 'Completed'])
                    ->count();
            }

            if (isset($count)) {
                return json_encode(['status' => 'Success', 'message' => $count]);
            } else {
                return json_encode(['status' => 'Error', 'message' => 'Invalid Input Variable.']);
            }
        } else {
            return json_encode(['status' => 'Error', 'message' => 'Invalid Input Variable.']);
        }
    }
    //...
}

In my index, it performs an AJAX call to the actionGetOrdersCount action and gets the result but also generates the ‘BadRequestHttpException: Unable to verify your data submission.’ error?

I was under the impression that by including the <?= Html::csrfMetaTags() ?> in the layout, that the token was automatically handled with any requests.
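Added example, not from the original thread: Yii validates the CSRF token on POST requests, and the token rendered by Html::csrfMetaTags() only reaches the server if the script sends it, either in the X-CSRF-Token header or as a POST field named by csrf-param. The sketch below reads the meta tags and adds the header to same-origin, non-GET jQuery requests; readCsrfMeta, isSameOrigin and withCsrf are hypothetical helper names.

```javascript
// Added example (helper names are hypothetical, not part of Yii or jQuery).
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']; // Yii does not validate CSRF on these

// Read the two tags emitted by Html::csrfMetaTags(). `doc` is the browser's
// `document`, or any object that offers querySelector().
function readCsrfMeta(doc) {
    const pick = function (name) {
        const el = doc.querySelector('meta[name="' + name + '"]');
        return el ? el.getAttribute('content') : null;
    };
    const param = pick('csrf-param');
    const token = pick('csrf-token');
    return param && token ? { param: param, token: token } : null;
}

// True when `url` (absolute or relative) resolves to the page's own origin.
function isSameOrigin(url, pageUrl) {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
}

// Return a copy of the $.ajax options with X-CSRF-Token set. The token is
// left off safe methods and off cross-origin URLs so it never leaves the site.
function withCsrf(options, csrf, pageUrl) {
    const method = String(options.method || options.type || 'GET').toUpperCase();
    const copy = Object.assign({}, options);
    if (!csrf || SAFE_METHODS.indexOf(method) !== -1 || !isSameOrigin(options.url, pageUrl)) {
        return copy;
    }
    copy.headers = Object.assign({}, options.headers, { 'X-CSRF-Token': csrf.token });
    return copy;
}

// Browser wiring: runs only on a page where jQuery is loaded.
if (typeof document !== 'undefined' && typeof jQuery !== 'undefined') {
    const pageCsrf = readCsrfMeta(document);
    jQuery.ajaxPrefilter(function (options) {
        options.headers = withCsrf(options, pageCsrf, window.location.href).headers;
    });
}
```

With the prefilter registered before the interval starts, a function such as updateStat() needs no change of its own.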