yii2: Tons of yii\web\BadRequestHttpException: Unable to verify your data submission

What steps will reproduce the problem?

I got tons of yii\web\BadRequestHttpException: Unable to verify your data submission in my logs since the latest updates, what is going on?

Additional info

2021-02-12 00:59:16 [176.59.73.204][-][-][error][yii\web\HttpException:400] yii\web\BadRequestHttpException: Unable to verify your data submission. in /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/web/Controller.php:209
Stack trace:
#0 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/base/Controller.php(179): yii\web\Controller->beforeAction()
#1 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/base/Module.php(534): yii\base\Controller->runAction()
#2 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/web/Application.php(104): yii\base\Module->runAction()
#3 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/base/Application.php(392): yii\web\Application->handleRequest()
#4 /home/pelock/www/public_html/pelock.com/frontend/web/index.php(20): yii\base\Application->run()

The exception is thrown at:

    /**
     * {@inheritdoc}
     */
    public function beforeAction($action)
    {
        if (parent::beforeAction($action)) {
            if ($this->enableCsrfValidation && Yii::$app->getErrorHandler()->exception === null && !$this->request->validateCsrfToken()) {
                throw new BadRequestHttpException(Yii::t('yii', 'Unable to verify your data submission.'));
            }

            return true;
        }

        return false;
    }

My config:

$config = [
    'components' => [

        'session' => [
            'cookieParams' => [
                'httpOnly' => true,
                'secure' => true,
                'sameSite' => yii\web\Cookie::SAME_SITE_STRICT
            ]
        ],

        'request' => [
            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
            'cookieValidationKey' => 'XXX',

            'csrfCookie' => [
                'httpOnly' => true,
                'secure' => true,
                'sameSite' => yii\web\Cookie::SAME_SITE_STRICT
            ],
        ],
    ],
];

But why now, after the update??? I know Chrome 88 rolled out, but is it related?

I’m looking at the logs right now, check this out:

2021-02-12 00:59:16 [XXX][-][-][error][yii\web\HttpException:400] yii\web\BadRequestHttpException: Unable to verify your data submission. in /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/web/Controller.php:209
Stack trace:
#0 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/base/Controller.php(179): yii\web\Controller->beforeAction()
#1 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/base/Module.php(534): yii\base\Controller->runAction()
#2 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/web/Application.php(104): yii\base\Module->runAction()
#3 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/base/Application.php(392): yii\web\Application->handleRequest()
#4 /home/pelock/www/public_html/pelock.com/frontend/web/index.php(20): yii\base\Application->run()
#5 {main}
2021-02-12 00:59:16 [XXX][-][-][info][application] $_GET = [
    'group' => 'products'
    'name' => 'hash-calculator'
]

$_POST = [
    '_csrf' => 'KDXpDuKdX9Ad-jgo9oVQmiZC8jnf9nSD2qFZ6fKHUZl8ftk8g_AFmnStbE2C4RqiFQuYCeqROLqS7xCwmuMnzA=='
    'HashCalculatorForm' => [
        'value' => 'df24f3f8b8ec46f5857f547ff05584fa

'
        'crlf' => '1'
    ]
    'calculate-hash' => ''
]

$_FILES = []

$_COOKIE = []

$_SERVER = [
    'USER' => 'pelock'
    'HOME' => '/home/pelock'
    'HTTP_ACCEPT_LANGUAGE' => 'ru-RU,en-US;q=0.9'
    'HTTP_ACCEPT_ENCODING' => 'gzip, deflate'
    'HTTP_REFERER' => 'https://www.pelock.com/products/hash-calculator'
    'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8'
    'HTTP_USER_AGENT' => 'Mozilla/5.0 (Linux; U; Android 10; ru-ru; Redmi Note 9S Build/QKQ1.191215.002) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.6.2-gn'
    'HTTP_CONTENT_TYPE' => 'application/x-www-form-urlencoded'
    'HTTP_UPGRADE_INSECURE_REQUESTS' => '1'
    'HTTP_ORIGIN' => 'null'
    'HTTP_CACHE_CONTROL' => 'max-age=0'
    'HTTP_CONTENT_LENGTH' => '251'
    'HTTP_HOST' => 'www.pelock.com'
    'SCRIPT_FILENAME' => '/home/pelock/www/public_html/pelock.com/frontend/web/index.php'
    'REDIRECT_STATUS' => '200'
    'SERVER_NAME' => 'www.pelock.com'
    'SERVER_PORT' => '443'
    'SERVER_ADDR' => 'XXX'
    'REMOTE_PORT' => 'XXX'
    'REMOTE_ADDR' => 'XXX'
    'SERVER_SOFTWARE' => 'nginx/1.19.6'
    'GATEWAY_INTERFACE' => 'CGI/1.1'
    'HTTPS' => 'on'
    'REQUEST_SCHEME' => 'https'
    'SERVER_PROTOCOL' => 'HTTP/2.0'
    'DOCUMENT_ROOT' => '/home/pelock/www/public_html/pelock.com/frontend/web'
    'DOCUMENT_URI' => '/index.php'
    'REQUEST_URI' => '/products/hash-calculator'
    'SCRIPT_NAME' => '/index.php'
    'CONTENT_LENGTH' => '251'
    'CONTENT_TYPE' => 'application/x-www-form-urlencoded'
    'REQUEST_METHOD' => 'POST'
    'QUERY_STRING' => ''
    'FCGI_ROLE' => 'RESPONDER'
    'PHP_SELF' => '/index.php'
    'REQUEST_TIME_FLOAT' => 1613091556.1384
    'REQUEST_TIME' => 1613091556
]

The cookies array is empty… But in other entries it’s not:

2021-02-12 11:35:20 [XXX][-][-][error][yii\web\HttpException:400] yii\web\BadRequestHttpException: Unable to verify your data submission. in /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/web/Controller.php:209
Stack trace:
#0 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/base/Controller.php(179): yii\web\Controller->beforeAction()
#1 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/base/Module.php(534): yii\base\Controller->runAction()
#2 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/web/Application.php(104): yii\base\Module->runAction()
#3 /home/pelock/www/public_html/pelock.com/vendor/yiisoft/yii2/base/Application.php(392): yii\web\Application->handleRequest()
#4 /home/pelock/www/public_html/pelock.com/frontend/web/index.php(20): yii\base\Application->run()
#5 {main}
2021-02-12 11:35:20 [XXX][-][-][info][application] $_GET = []

$_POST = [
    '_csrf' => 'NoE5_KkQkpYs3ekiJlJfqabEjeieVUNb58KlqtPMavFn92y4nFPd2BuEoBQXYHKY6ozq0Kg4cC2znffTl_QDtA=='
    'CheckoutForm' => [
        'name' => '...'
    ]
]

$_FILES = []

$_COOKIE = [
    'crisp-client%2Fsession%2F022e663c-63c0-43f9-aea2-2d2215e75e4a' => 'session_7af7b028-74d0-4885-baf1-16f54ac79077'
    'PHPSESSID' => '5c8r8j250dj9v21ljf1v79et1a'
    '_csrf' => '36635741d3e942ee64945ae2f085a5092ddfa552c3f6531af675a3758cf3e9fda:2:{i:0;s:5:\"_csrf\";i:1;s:32:\"phNVEwgHG_kPoAtyoXAxvgh8uLzS1OiG\";}'
]

| Q                | A         |
| ---------------- | --------- |
| Yii version      | 2.0.40    |
| PHP version      | 7.4.14    |
| Operating system | Debian 10 |
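
A triage helper for log entries like the two above, added here as an example and not part of the original issue or of Yii: it labels a failed request by whether the `_csrf` cookie was sent at all and whether the submitted token unmasks to the token stored in that cookie. It assumes the default cookie-based CSRF storage and that the form token is base64url of a random mask followed by mask XOR token (the scheme of Yii 2's `Security::maskToken()`); the function names and all sample values are hypothetical.

```python
import base64
import hmac
import re

def unmask_token(masked):
    """Undo mask || (mask XOR token), base64url-encoded; None if malformed."""
    try:
        raw = base64.urlsafe_b64decode(masked + "=" * (-len(masked) % 4))
    except ValueError:
        return None
    if not raw or len(raw) % 2:
        return None
    half = len(raw) // 2
    return bytes(a ^ b for a, b in zip(raw[:half], raw[half:]))

def cookie_token(value):
    """Extract the token from '<hmac>a:2:{i:0;s:5:"_csrf";i:1;s:N:"<token>";}'.
    Accepts the backslash-escaped quotes seen in log dumps. The HMAC prefix is
    NOT verified here: that needs the application's cookieValidationKey."""
    m = re.search(r'i:1;s:(\d+):\\?"(.*?)\\?";\}$', value)
    if not m or int(m.group(1)) != len(m.group(2)):
        return None
    return m.group(2)

def classify(post, cookies, param="_csrf"):
    """Label one logged request by why its CSRF check could have failed."""
    if param not in cookies:
        return "cookie_missing"        # e.g. the entry with $_COOKIE = []
    expected = cookie_token(cookies[param])
    submitted = unmask_token(post.get(param, ""))
    if expected is None or submitted is None:
        return "malformed"
    if hmac.compare_digest(submitted, expected.encode()):
        return "token_matches_cookie"  # hint: check the cookie HMAC / key next
    return "token_mismatch"            # form and cookie carry different tokens

# Constructed sample data (not taken from the logs above).
TOKEN = "constructed-token-0123456789abcd"
MASK = bytes(range(32))
MASKED = base64.urlsafe_b64encode(
    MASK + bytes(m ^ t for m, t in zip(MASK, TOKEN.encode()))).decode()
COOKIE = "0" * 64 + 'a:2:{i:0;s:5:"_csrf";i:1;s:32:"' + TOKEN + '";}'

if __name__ == "__main__":
    print(classify({"_csrf": MASKED}, {}))
    print(classify({"_csrf": MASKED}, {"_csrf": COOKIE}))
    print(classify({"_csrf": MASKED}, {"_csrf": COOKIE.replace("0123", "9999")}))
```

Counting the labels over a day of 400 errors separates requests that arrived without the cookie from requests where the form and the cookie disagree.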

About this issue

  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 55 (20 by maintainers)

Most upvoted comments

  1. backend/config/main-local.php

         'components' => [
             'request' => [
                 // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
                 'cookieValidationKey' => 'unique key here',
                 'csrfParam' => '_csrf-backend',
                 'csrfCookie' => [
                     'httpOnly' => true,
                     'path' => '/admin/',
                 ],
             ],

  2. frontend/config/main-local.php

         'components' => [
             'request' => [
                 // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
                 'cookieValidationKey' => 'unique key here',
                 'csrfParam' => '_csrf-frontend',
                 'csrfCookie' => [
                     'httpOnly' => true,
                     'path' => '/',
                 ],
             ],

For me this solved it without disabling CSRF. Good luck.

@bizley @samdark

OK. From which version of Yii did you upgrade to 2.0.40? Does changing back to the previous one fix the problem in Chrome 88?