My log files are filled with these errors
2021-11-19 12:39:42 [27.xxx.xxx.xxx][1958][gi96uqh6atadlbsg2ksjfltd9e][error][yii\web\HttpException:400] yii\web\BadRequestHttpException: Unable to verify your data submission. in /var/www/html/vendor/yiisoft/yii2/web/Controller.php:218
Can’t seem to figure out why. As i can’t replicate the problem either.
I’ve read this, but the solution doesn’t apply to me as all my forms are created using $form = ActiveForm::begin([]) and i’m not uploading files.
in my <header> i have this
<meta name="csrf-param" content="_csrf-frontend">
<meta name="csrf-token" content="oidpfJVSR28kMxgD4loRdgIs3TCRVITuR6Ly3Z587nLxdgIt-h8XIlFbSECzCEgHUmqaQ9InwaIYzJ2u-ySaIw==">
and because i use $form = ActiveForm::begin([]), for my form there is this hidden field
<form id="form-small" action="/frontend/web/search/" method="post">
<input type="hidden" name="_csrf-frontend" value="oidpfJVSR28kMxgD4loRdgIs3TCRVITuR6Ly3Z587nLxdgIt-h8XIlFbSECzCEgHUmqaQ9InwaIYzJ2u-ySaIw==">
i also have this JS in my footer.
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': 'oidpfJVSR28kMxgD4loRdgIs3TCRVITuR6Ly3Z587nLxdgIt-h8XIlFbSECzCEgHUmqaQ9InwaIYzJ2u-ySaIw=='
}
});
The error seems to show on login, registration and my search forms only.
And i DO NOT want to turn CSRF off either.
I edited yii/framework/web/Request.php
and added the code below before line 841
echo ' -- start--';
echo '<br><br><br>';
print_r($trueToken);
echo '<br><br><br>';
print_r($this->getBodyParam($this->csrfParam));
echo '<br><br><br>';
print_r($this->getCsrfTokenFromHeader());
echo '<br><br><br>';
echo ' -- end--';
die;
every time i submit my form. the $trueToken token seems to be different. even when i don’t refresh the page.
like below
-- start--
S-r869794GPYBi8voh-dXVDFLLWl8GvWhw6Qvn4c7icYu5e6sbCwLq1uf2zzTcQsAINrxuaDLprYYP_NG0Sadg==
b4GMJgf6dmn8H64oljr6uxokFC2WbQeLP4bY_SI-7Pg80Od3aLcmJIl3_mvHaKPKSmJTXtUeQsdg6LeOR2aYqQ==
b4GMJgf6dmn8H64oljr6uxokFC2WbQeLP4bY_SI-7Pg80Od3aLcmJIl3_mvHaKPKSmJTXtUeQsdg6LeOR2aYqQ==
-- end--
Any idea how to fix this? Thank you.