Yii2 - Bad Request (#400) Unable to verify your data submission

I'm using the advanced template and ran into this issue. After much head banging I noticed the _csrf meta tag used in yii's baked in forms was named "_csrf-frontend" (on the frontend of course). Also the request cookie was named the same.

Provided the header in your layout is registering the meta tag

<?php $this->registerCsrfMetaTags() ?>

Submit _csrf with the same name as the meta tag in your ajax. Yii provides helper for this also

<?=Yii::$app->request->csrfParam?>

Quick example:

var postData = {
   someparam : somevalue,
   '<?=Yii::$app->request->csrfParam?>': '<?=Yii::$app->request->getCsrfToken()?>'
}

$.ajax({
    type: 'post',
    data: postData,
    url: dataURL,
})

Helpful info here: https://yii2-cookbook-test.readthedocs.io/csrf/


There are two ways you can try. First increase post_max_size size in php.ini. Second run composer update and clear cookie as follow: - composer self-update - composer update - clear cookie


Use this :

public function beforeAction($action) 
{ 
    $this->enableCsrfValidation = false; 
    return parent::beforeAction($action); 
}

Do not disable CSRF


You can use below configuration in your main config file to globally disable csrf validation in whole application.

$config = [
    'components' => [
        'request' => [
            'enableCsrfValidation' => false,
        ],
    ],
];

Tags:

Php

Yii

Yii2