Hey folks,
I have a problem.
I am using Yii2 for some CRUD operations.
When I validate the CSRF token via the `X-CSRF-Token` header, everything works fine.
When I try to validate the CSRF token via body params, I get a "Bad Request" error.
In other projects the request seems to be the same, but it works there.
I also checked whether CSRF validation is disabled there, but without the CSRF token in the body params I get the error there too.
I want to validate the CSRF token via body params.
The CSRF token in the HTML head is correct.
This is my web.php:
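<?php

declare(strict_types=1);

// Web application configuration (config/web.php).
// Returns the array the web entry script hands to yii\web\Application.
// Dev-only modules (debug, gii) are appended at the bottom when YII_ENV_DEV is set.

$params = require __DIR__ . '/params.php';
$db = require __DIR__ . '/db.php';

$config = [
    'id' => 'basic',
    'name' => 'XXXXXXXXX XXXXXXXXX',
    'version' => '1.0.0',
    'basePath' => dirname(__DIR__),
    'language' => 'de-DE',
    'sourceLanguage' => 'en-US',
    'timeZone' => 'Europe/Berlin',
    'bootstrap' => ['log'],
    'layout' => 'main-sync',
    'aliases' => [
        '@bower' => '@vendor/bower-asset',
        '@npm' => '@vendor/npm-asset',
    ],
    'components' => [
        'session' => [
            'class' => 'yii\web\Session',
            // 30 days, in seconds (https://stackoverflow.com/a/41367500).
            'cookieParams' => ['lifetime' => 30 * 24 * 60 * 60],
        ],
        'request' => [
            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
            // NOTE(review): this secret is committed in source; consider loading it from the environment instead.
            'cookieValidationKey' => 'XXXXXX-XXXXXXXXX',
            // CSRF validation accepts the token either from the X-CSRF-Token header or from
            // the body parameter named by csrfParam (default '_csrf'). Body params are filled
            // from $_POST, which PHP only populates for form-encoded bodies; a JSON body is
            // never parsed unless a parser is registered for its Content-Type. Without this
            // entry the '_csrf' body key is invisible to the request component and the
            // request is rejected with 400 Bad Request, while the header path keeps working.
            'parsers' => [
                'application/json' => 'yii\web\JsonParser',
            ],
        ],
        'cache' => [
            'class' => 'yii\caching\FileCache',
        ],
        /*
        'user' => [
            'identityClass' => 'app\models\User',
            'enableAutoLogin' => true,
        ],
        */
        'authManager' => [
            'class' => 'Da\User\Component\AuthDbManagerComponent',
            'defaultRoles' => ['user'],
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],
        'mailer' => [
            'class' => 'yii\swiftmailer\Mailer',
            // send all mails to a file by default. You have to set
            // 'useFileTransport' to false and configure a transport
            // for the mailer to send real emails.
            'useFileTransport' => false,
            // NOTE(review): SMTP credentials are committed in source; consider loading them
            // from the environment or a file outside version control.
            'transport' => [
                'class' => 'Swift_SmtpTransport',
                'host' => 'XXXX.XXXX',
                'username' => 'XXXXXXXXX',
                'password' => 'XXXXXX',
                'port' => 'XXXX',
                'encryption' => 'XXXXXX',
            ],
        ],
        'log' => [
            // Depth of the call-stack trace recorded per log message; 'trace' and 'info'
            // levels below are verbose and presumably intended for development only.
            'traceLevel' => 3,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning', 'trace', 'info'],
                ],
            ],
        ],
        'db' => $db,
        'urlManager' => [
            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [],
        ],
        'view' => [
            'theme' => [
                'pathMap' => [
                    // Override the user module's views with the project's own copies.
                    '@Da/User/resources/views' => '@app/enhancement/user/views',
                ],
            ],
        ],
    ],
    'modules' => [
        'user' => [
            'class' => Da\User\Module::class,
            'administrators' => ['XXX', 'XXX', 'XXXXXXX'],
            'enableEmailConfirmation' => true,
            'enableRegistration' => false,
            'enableFlashMessages' => true,
            // 30 days, in seconds; matches the session cookie lifetime above.
            'rememberLoginLifespan' => 30 * 24 * 60 * 60,
            'enableTwoFactorAuthentication' => true,
            'routes' => [
                '<action:(login|logout)>' => 'user/<action>',
            ],
            'mailParams' => [
                'fromEmail' => 'xxxx@xxxx.xxxxx',
            ],
            // 'disableIpLogging' => true,
            // ...other configs from here: [Configuration Options](installation/configuration-options.md), e.g.
            // 'generatePasswords' => true,
            // 'switchIdentitySessionKey' => 'myown_usuario_admin_user_key',
        ],
    ],
    'params' => $params,
];

if (YII_ENV_DEV) {
    // configuration adjustments for 'dev' environment
    $config['bootstrap'][] = 'debug';
    $config['modules']['debug'] = [
        'class' => 'yii\debug\Module',
        // Only these client IPs may open the debug toolbar; keep the list minimal.
        'allowedIPs' => ['127.0.0.1', 'XXXXXXXX'],
    ];

    $config['bootstrap'][] = 'gii';
    $config['modules']['gii'] = [
        'class' => 'yii\gii\Module',
        // Only these client IPs may use the code generator; keep the list minimal.
        'allowedIPs' => ['127.0.0.1', 'XXXXXXX'],
    ];
}

return $config;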
Request Body:
{
"requiresCounts":true,
"params":{
"_csrf":"XXXXXXXXXXXXXXXXXXXXXXXXXXX=="
},
"_csrf":"XXXXXXXXXXXXXXXXXXXXXXXXXXX=="
}