HTTP 400 Unable to verify your data submission.

Hi there,

My Yii 2 application was progressing well until I received an unusual error about a bad HTTP request. The error is:

HTTP 400 Unable to verify your data submission.

I have looked it up, and much of the literature indicates that the cause is a CSRF issue. However, my CSRF stuff all looks OK, and I would prefer to have the feature in the application. Also, when I switch it off, it appears that the redirects $this->back(), $this->goHome() have stopped working.

In order to try and identify the source of the problem, I have installed a fresh copy of Yii using the following command:

composer create-project yiisoft/yii2-app-advanced advanced 2.0.8

and then tried to log in to the newly generated website (without any of my own code added). The error is still there and I am receiving the HTTP 400 error.

The version of Composer I am using is:

Composer version 1.1.1 2016-05-17 12:25:44

And the composer.json file is below. Would anyone mind trying this in their own environment to determine if this issue is a general one or specific to my environment? I am not sure how to trace back the cause of the error, as the logs are not reporting anything about it. Thanks for any help you can offer.



{
    "name": "yiisoft/yii2-app-advanced",
    "description": "Yii 2 Advanced Project Template",
    "keywords": ["yii2", "framework", "advanced", "project template"],
    "homepage": "",
    "type": "project",
    "license": "BSD-3-Clause",
    "support": {
        "issues": "",
        "forum": "",
        "wiki": "",
        "irc": "irc://",
        "source": ""
    },
    "minimum-stability": "stable",
    "require": {
        "php": ">=5.4.0",
        "yiisoft/yii2": ">=2.0.6",
        "yiisoft/yii2-bootstrap": "*",
        "yiisoft/yii2-swiftmailer": "*"
    },
    "require-dev": {
        "yiisoft/yii2-codeception": "*",
        "yiisoft/yii2-debug": "*",
        "yiisoft/yii2-gii": "*",
        "yiisoft/yii2-faker": "*"
    },
    "config": {
        "process-timeout": 1800
    },
    "extra": {
        "asset-installer-paths": {
            "npm-asset-library": "vendor/npm",
            "bower-asset-library": "vendor/bower"
        }
    },
    "scripts": {
        "post-install-cmd": "php init --env=Development --overwrite=n"
    }
}

Have you checked your request and response headers for the CSRF token?
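
The header check suggested in the reply can be run over a GET/POST pair copied from the browser's network tab. This is an added example, not code from the thread or from Yii; it assumes Yii 2's default `csrfParam` (`_csrf`) and `csrfHeader` (`X-CSRF-Token`) with the token stored in a cookie, and the sample capture is constructed.

```python
import re
from urllib.parse import parse_qs

CSRF_PARAM = "_csrf"          # assumed: Yii 2 default csrfParam, not overridden in config
CSRF_HEADER = "x-csrf-token"  # assumed: Yii 2 default csrfHeader, lower-cased

def cookie_names(headers, field):
    """Names of cookies carried in every `field` header ("set-cookie" or "cookie")."""
    names = set()
    for name, value in headers:
        if name.lower() != field:
            continue
        # Set-Cookie: only the first pair is the cookie; Cookie: every pair is one.
        pairs = value.split(";")[:1] if field == "set-cookie" else value.split(";")
        names.update(p.split("=", 1)[0].strip() for p in pairs if "=" in p)
    return names

def form_token(html):
    """Value of the hidden CSRF input rendered in the form, or None."""
    m = re.search(r'<input[^>]*name="%s"[^>]*value="([^"]*)"' % re.escape(CSRF_PARAM), html)
    return m.group(1) if m else None

def csrf_findings(get_resp_headers, get_body, post_req_headers, post_body):
    """Reasons the POST would fail token validation, judged from the traffic alone."""
    findings = []
    rendered = form_token(get_body)
    if CSRF_PARAM not in cookie_names(get_resp_headers, "set-cookie"):
        findings.append("response to GET did not set the CSRF cookie")
    if not rendered:
        findings.append("form has no hidden CSRF input")
    if CSRF_PARAM not in cookie_names(post_req_headers, "cookie"):
        findings.append("POST did not send the CSRF cookie back")
    sent = parse_qs(post_body).get(CSRF_PARAM, [None])[0]
    sent = sent or dict((k.lower(), v) for k, v in post_req_headers).get(CSRF_HEADER)
    if not sent:
        findings.append("POST carried no CSRF token in body or header")
    elif rendered and sent != rendered:
        findings.append("POSTed token differs from the one rendered in the form")
    return findings

# Constructed capture: the token is posted, but the browser never returns the cookie.
SAMPLE_GET_HEADERS = [("Set-Cookie", "_csrf=constructedvalue; path=/; HttpOnly")]
SAMPLE_GET_BODY = '<form method="post"><input type="hidden" name="_csrf" value="Q09OU1RSVUNURUQ"></form>'
SAMPLE_POST_HEADERS = [("Content-Type", "application/x-www-form-urlencoded")]
SAMPLE_POST_BODY = "_csrf=Q09OU1RSVUNURUQ&LoginForm%5Busername%5D=demo"

if __name__ == "__main__":
    print(csrf_findings(SAMPLE_GET_HEADERS, SAMPLE_GET_BODY, SAMPLE_POST_HEADERS, SAMPLE_POST_BODY))
```

An empty result only means the cookie and token were present and consistent in transit; it does not confirm that the cookie value passes the server's own validation.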