yii2: Bad Request (#400) COOKIE don`t work
What steps will reproduce the problem?
Not working COOKIE on web-server! COOKIE don`t work!
Я пытаюсь отправить банальную форму, и в ответ получаю ошибку. Также хочу заметить, что я уже давно работаю с yii2, но подобных проблем никогда не возникало. Возможно это баг в новой версии yii2.
Проблема встречается в браузере Опера и IE11 и Яндекс браузере, в GoogleCrome работает нормально без ошибок. Проблема внезапно может возникнуть, и внезапно может пропасть.
Куки не отправляются в Опера и IE11 и Яндекс браузере, при открытии страницы ,браузера запросом GET
$_COOKIE
Empty.
GET - В браузере GoogleCrome всё удачно, куки отправляются.
$_COOKIE
Name Value
_csrf 'fc3c1618b6f4a5b255e346373begh4634g34333434h34h0f0bece0c86dc2623f2d7a:2:{i:0;s:5:\"_csrf\";i:1;s:32:\"KHY6QUylyq6j346346346347UrfHOqzMd\";}'
При отправки формы, ключ _csrf отправляется на сервер, его даже видно в debug
$_POST FORM
Name Value
_csrf 'T0VJc0REV2giFXAsHjA7JgcIFhAodTJbBTEuOXQOHjIOdR04NyZkJg=='
Также ключ _csrf есть в html:
<!DOCTYPE html>
<html lang="ru-RU">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="csrf-param" content="_csrf">
<meta name="csrf-token" content="T0VJc0REV2giFXAsHjA7JgcIFhAodTJbBTEuOXQOHjIOdR04NyZkJg==">
<title></title>
</head>
<body>
<form id="login-form" action="/index.php?r=site/login" method="post" role="form">
<input type="hidden" name="_csrf" value="T0VJc0REV2giFXAsHjA7JgcIFhAodTJbBTEuOXQOHjIOdR04NyZkJg==">
<div class="form-group field-loginform-username required">
<label class="control-label" for="loginform-username">Username</label>
<input type="text" id="loginform-username" class="form-control" name="LoginForm[username]" autofocus aria-required="true">
<p class="help-block help-block-error"></p>
</div>
<div class="form-group field-loginform-password required">
<label class="control-label" for="loginform-password">Password</label>
<input type="password" id="loginform-password" class="form-control" name="LoginForm[password]" aria-required="true">
<p class="help-block help-block-error"></p>
</div>
<div class="form-group field-loginform-rememberme">
<div class="checkbox">
<label for="loginform-rememberme">
<input type="hidden" name="LoginForm[rememberMe]" value="0"><input type="checkbox" id="loginform-rememberme" name="LoginForm[rememberMe]" value="1" checked>
Remember Me
</label>
<p class="help-block help-block-error"></p>
</div>
</div>
<button type="submit" class="" name="login-button">Login</button>
</form>
. . . . . . .
Но если попытатся вывести куки в контроллере, то этот ключ мы не увидем, а увидем этот лог, где ключа _csrf нету:
Yii::$app->response->cookies->add(new \yii\web\Cookie([
'name' => 'test',
'value' => 'testValue'
]));
var_dump(Yii::$app->request->cookies);
var_dump('<br>');
object(yii\web\CookieCollection)#57 (2) { ["readOnly"]=> bool(true) ["_cookies":"yii\web\CookieCollection":private]=> array(0) { } } string(4) "
What do you get instead?
После отправки формы, получаем ошибку
Bad Request (#400)
Не удалось проверить переданные данные. The above error occurred while the Web server was processing your request.
Please contact us if you think this is a server error. Thank you.
yii\web\BadRequestHttpException: Не удалось проверить переданные данные. in /home/c/mysite/mysite/vendor/yiisoft/yii2/web/Controller.php:166
Stack trace:
#0 /home/c/mysite/mysite/vendor/yiisoft/yii2/base/Controller.php(154): yii\web\Controller->beforeAction(Object(yii\base\InlineAction))
#1 /home/c/mysite/mysite/vendor/yiisoft/yii2/base/Module.php(523): yii\base\Controller->runAction('login', Array)
#2 /home/c/mysite/mysite/vendor/yiisoft/yii2/web/Application.php(102): yii\base\Module->runAction('site/login', Array)
#3 /home/c/mysite/mysite/vendor/yiisoft/yii2/base/Application.php(380): yii\web\Application->handleRequest(Object(yii\web\Request))
#4 /home/c/mysite/mysite/public_html/index.php(12): yii\base\Application->run()
#5 {main}
Additional info
Controller
<?php
namespace app\controllers;
use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;
use yii\filters\VerbFilter;
use app\models\LoginForm;
use app\models\ContactForm;
class SiteController extends Controller
{
public function actions()
{
return [
'error' => [
'class' => 'yii\web\ErrorAction',
],
];
}
/**
* Displays homepage.
*
* @return string
*/
public function actionIndex()
{
return $this->render('index');
}
/**
* Login action.
*
* @return string
*/
public function actionLogin()
{
//LOG TEST ================
Yii::$app->response->cookies->add(new \yii\web\Cookie([
'name' => 'test',
'value' => 'testValue'
]));
var_dump(Yii::$app->request->cookies);
var_dump('<br>');
//LOG TEST ================
if (!Yii::$app->user->isGuest) {
return $this->goHome();
}
$model = new LoginForm();
if ($model->load(Yii::$app->request->post()) && $model->login()) {
return $this->goBack();
}
return $this->render('login', [
'model' => $model,
]);
}
/**
* Logout action.
*
* @return string
*/
public function actionLogout()
{
Yii::$app->user->logout();
return $this->goHome();
}
/**
* Displays about page.
*
* @return string
*/
public function actionAbout()
{
return $this->render('about');
}
}
main.php (layouts)
<?php
use yii\helpers\Html;
?>
<?php $this->beginPage() ?>
<!DOCTYPE html>
<html lang="<?= Yii::$app->language ?>">
<head>
<meta charset="<?= Yii::$app->charset ?>">
<meta name="viewport" content="width=device-width, initial-scale=1">
<?= Html::csrfMetaTags() ?>
<title><?= Html::encode($this->title) ?></title>
<?php $this->head() ?>
</head>
<body>
<?php $this->beginBody() ?>
<?= $content ?>
<?php $this->endBody() ?>
</body>
</html>
<?php $this->endPage() ?>
login.php(view)
<?php
use yii\helpers\Html;
use yii\bootstrap\ActiveForm;
?>
<?php
$form = ActiveForm::begin(['id' => 'login-form']);
?>
<?= $form->field($model, 'username')->textInput(['autofocus' => true]) ?>
<?= $form->field($model, 'password')->passwordInput() ?>
<?= $form->field($model, 'rememberMe')->checkbox() ?>
<?= Html::submitButton('Login', ['class' => '', 'name' => 'login-button']) ?>
<?php
ActiveForm::end();
?>
LoginForm.php (model)
<?php
namespace app\models;
use Yii;
use yii\base\Model;
/**
* LoginForm is the model behind the login form.
*
* @property User|null $user This property is read-only.
*
*/
class LoginForm extends Model
{
public $username;
public $password;
public $rememberMe = true;
private $_user = false;
/**
* @return array the validation rules.
*/
public function rules()
{
return [
// username and password are both required
[['username', 'password'], 'required'],
// rememberMe must be a boolean value
['rememberMe', 'boolean'],
// password is validated by validatePassword()
['password', 'validatePassword'],
];
}
/**
* Validates the password.
* This method serves as the inline validation for password.
*
* @param string $attribute the attribute currently being validated
* @param array $params the additional name-value pairs given in the rule
*/
public function validatePassword($attribute, $params)
{
if (!$this->hasErrors()) {
$user = $this->getUser();
if (!$user || !$user->validatePassword($this->password)) {
$this->addError($attribute, 'Incorrect username or password.');
}
}
}
/**
* Logs in a user using the provided username and password.
* @return bool whether the user is logged in successfully
*/
public function login()
{
if ($this->validate()) {
return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);
}
return false;
}
/**
* Finds user by [[username]]
*
* @return User|null
*/
public function getUser()
{
if ($this->_user === false) {
$this->_user = User::findByUsername($this->username);
}
return $this->_user;
}
}
web.php (config)
<?php
$params = require(__DIR__ . '/params.php');
$config = [
'id' => 'basic',
'name'=>'NameProgect',
'language' => 'ru-RU',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'modules' => [
//модуль авторизации
'auth' => [
'class' => 'app\modules\auth\index',
],
],
'components' => [
'request' => [
// !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
'cookieValidationKey' => '0Y5Iwgrre4gege4ege1xe5ueu55uPm',
],
'cache' => [
'class' => 'yii\caching\FileCache',
],
'user' => [
'identityClass' => 'app\models\User',
'enableAutoLogin' => true,
],
'errorHandler' => [
'errorAction' => 'site/error',
],
'mailer' => [
'class' => 'yii\swiftmailer\Mailer',
// send all mails to a file by default. You have to set
// 'useFileTransport' to false and configure a transport
// for the mailer to send real emails.
'useFileTransport' => false,
],
'session' => [
'class' => 'yii\web\DbSession',
'db' => 'db', // ID компонента для взаимодействия с БД. По умолчанию 'db'.
'sessionTable' => 'session', // название таблицы для хранения данных сессии. По умолчанию 'session'.
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'db' => require(__DIR__ . '/db.php'),
],
'params' => $params,
];
if (YII_ENV_DEV) {
// configuration adjustments for 'dev' environment
$config['bootstrap'][] = 'debug';
$config['modules']['debug'] = [
'class' => 'yii\debug\Module',
// uncomment the following to add your IP if you are not connecting from localhost.
'allowedIPs' => ['127.0.0.1', '::1'],
];
$config['bootstrap'][] = 'gii';
$config['modules']['gii'] = [
'class' => 'yii\gii\Module',
// uncomment the following to add your IP if you are not connecting from localhost.
'allowedIPs' => ['127.0.0.1', '::1'],
];
}
return $config;
mysite/web root .htaccess
RewriteEngine on
# Если запрашиваемая в URL директория или файл существуют обращаемся к ним напрямую
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Если нет - перенаправляем запрос на index.php
RewriteRule . index.php
mysite/web root index.php
<?php
// comment out the following two lines when deployed to production
//defined('YII_DEBUG') or define('YII_DEBUG', true);
//defined('YII_ENV') or define('YII_ENV', 'dev');
require(__DIR__ . '/../vendor/autoload.php');
require(__DIR__ . '/../vendor/yiisoft/yii2/Yii.php');
$config = require(__DIR__ . '/../config/web.php');
(new yii\web\Application($config))->run();
| Q | A |
|---|---|
| Yii version | 2.0.11.2 |
| PHP version | 7.0.15 |
| Operating system | Win 8.1 Professional |
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 17 (6 by maintainers)
I hit the same problem today. Here is what I did to fix it:
Change line 1366 in file request.php: from: $token = Yii::$app->getSecurity()->generateRandomKey(); to: $token = Yii::$app->getSecurity()->generateRandomString();
OR
If you don’t want to change the source code, you may change your configuration:
From my understanding, when $token is in binary form, sometimes cookie from browser can’t convert back to it’s original value.
воспроизведу