request component, why does Bad Request (#400) occur and it doesn't work in the console?

N

nepster-web2014-03-09 23:46:41

Yii

nepster-web, 2014-03-09 23:46:41

I configured the advanced application , the main settings are in common/config. I'm specifically interested in the request
component , now it looks like this:

...
  'components' => [
    'request' => [
            'enableCsrfValidation' => false,
      'enableCookieValidation' => false
        ],
...

So what is the problem. yii command does not work with current settings

exception 'yii\base\UnknownPropertyException' with message 'Setting unknown prop
erty: yii\console\Request::enableCsrfValidation' in F:\OpenServer\domains\portf.
ru\vendor\yiisoft\yii2\base\Component.php:193
Stack trace:
#0 F:\OpenServer\domains\portf.ru\vendor\yiisoft\yii2\BaseYii.php(517): yii\base
\Component->__set('enableCsrfValid...', false)
#1 F:\OpenServer\domains\portf.ru\vendor\yiisoft\yii2\base\Object.php(105): yii\
BaseYii::configure(Object(yii\console\Request), Array)
#2 F:\OpenServer\domains\portf.ru\vendor\yiisoft\yii2\BaseYii.php(373): yii\base
\Object->__construct(Array)
#3 F:\OpenServer\domains\portf.ru\vendor\yiisoft\yii2\base\Module.php(452): yii\
BaseYii::createObject(Array)
#4 F:\OpenServer\domains\portf.ru\vendor\yiisoft\yii2\base\Application.php(433):
 yii\base\Module->getComponent('request')
#5 F:\OpenServer\domains\portf.ru\vendor\yiisoft\yii2\base\Application.php(289):
 yii\base\Application->getRequest()
#6 F:\OpenServer\domains\portf.ru\yii(30): yii\base\Application->run()
#7 {main}

I need to connect something, but I can’t understand how and where. The fact is that the problem is that the site only works with the OS console.
Now we do this:

...
  'components' => [
    'request' => [
            'enableCsrfValidation' => true,
      'enableCookieValidation' => true
        ],
...

The console still does not work, and when I log in to the site, I get into:

Bad Request (#400)
Не удалось проверить переданные данные.

In this case, the generated html code has:

...
<meta name="csrf-param" content="_csrf">
<meta name="csrf-token" content="QlNMVC54c2YgAXwhcTQdBAY1FnlLNScwGyIZDWscRwByKyUQXxJLFQ==">
...
<form id="login-form" action="/admin/users/default/login" method="post">
<input type="hidden" name="_csrf" value="QlNMVC54c2YgAXwhcTQdBAY1FnlLNScwGyIZDWscRwByKyUQXxJLFQ==">  
...

Further, if I just comment out the connection of this component, the console will work , and the site will still have a Bad Request (# 400)
during authorization. Tell me, please, what is the problem?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

Y

Yuri Morozov, 2014-03-10
@nepster-web

First, don't disable csrf.
Secondly, console applications really don't have the enableCsrfValidation parameter - that's why they are console applications :) For console applications, create a separate config.
And thirdly, about error400: yii\web\Controller also has such a parameter, try disabling it.