Gii Model Generator 'Unable to verify your data submission' error

I’m getting the following error when trying to create a model with the Gii Model Generator:

Bad Request (#400)

Unable to verify your data submission.

I’ve seen lots of posts online about a CSRF issue with cookies or that one should disable CSRF. I’d rather not do that if possible. My Gii Model form has the following hidden field, which I think is appropriate:

<input type="hidden" name="_csrf-frontend" value="-oftOmWPFHWDZwFHqIvJ5aKOG5iToc0x2txZDHRIeE4laTjiVyajCMcKwKiaX2Tbxsu65BBKOpk74SxzyEz55w==">

My php.ini file also has

file_uploads = On

upload_max_filesize = 2M

max_file_uploads = 20

I’ve also updated my composer in my project folder by running ‘composer update’. Now I am on Yii version 2.0.12. My project is using the Yii advanced template. I’m baffled with what else to try. Anyone have any ideas?


First off, the php.ini shouldn’t have anything to do with this. Your generating files on the server, not uploading them.

Next: Mine has the hidden field

<input type="hidden" name="_csrf-frontend" value="4mKmsgFy2eEfhbJF...

I also noticed that there are 2 <meta> tag in the <head> section

    <meta name="csrf-param" content="_csrf-frontend">

    <meta name="csrf-token" content="4mKmsgFy2eEfhbJF...

Can you generate ANYTHING in Gii? Try generating a Controller with and index action.

An other thought is CAN the webserver write to the directory? Just spit-balling here.

I have those additional meta tags as well. And no, nothing in Gii works. If I try to create a controller I get the same error message.

Additional info I have discovered. The problem occurs with any form that is submitted. This includes the advanced template login template as well as signup. What’s interesting is that the problem occurs on some development machines but not others with the same code base. At first I thought it was a php version issue and therefore made sure each dev machine was running the same version. Unfortunately, that did not resolve the issue.

Something to try.

Turn off the csrf validation in the config file(s)

If still the same problem, not sure where to check next.

If works, it may help point the direction.