Why does Bad Request (#400) crash on Logout?

A

Alexander Ivanov2018-02-28 19:33:44

Yii

Alexander Ivanov, 2018-02-28 19:33:44

The error appeared after I remade logout, replacing the link with a picture.
Controller

public function actionLogout()
    {
    
        Yii::$app->user->logout();

        return $this->goHome();
    }

The form

<div class="wrap">
    <?php
  $status = Yii::$app->user->identity->status; 
  $ava = Yii::$app->user->identity->ava;
  if($ava==''){$ava='/images/defaulte.jpg';}
    NavBar::begin([
        'brandLabel' => 'YII 2',
        'brandUrl' => 'https://github.com/yiisoft/yii2/tree/master/docs/guide-ru',
        'options' => [
            'class' => 'navbar-inverse navbar-fixed-top',
        ],
    ]);
    $menuItems = [
        ['label' => 'Главная', 'url' => ['/site/index']],
        ['label' => 'Обратная связь', 'url' => ['/site/contact']],
    
    
    
    ];
    if (Yii::$app->user->isGuest) {
        $menuItems[] = ['label' => 'Регистрация', 'url' => ['/site/signup']];
        $menuItems[] = ['label' => 'Авторизация', 'url' => ['/site/login']];
  }
    else {
    if($status == 'admin'){
    $menuItems[] = ['label' => 'Админка', 'url' => ['/site/admin']];
    }
    
    $menuItems[] = ['label' => 'Личный кабинет', 'url' => ['/site/account']];
        $menuItems[] = '<li>'
            . Html::beginForm(['/site/logout'], 'post')
      ."<img class='profile_img' src='$baseUrl$ava'>"
      . '<div class="user_name">' .Yii::$app->user->identity->username .'</div>'
            . Html::submitButton(			       
                 "<img class='img_logout' src='$baseUrl/images/exit.png'>",
                ['class' => 'btn btn-link logout',
         'style' => 'background-image:url('.$baseUrl .'/images/exit.png' .')']
            )		
            . Html::endForm()
            . '</li>';
    
    $menuItems[] = '<li>'
            . Html::beginForm(['/site/edit'], 'post')
            . Html::submitButton(			       
                 "<img class='img_edit' src='$baseUrl/images/edit_profile.png'>",
                ['class' => 'btn btn-link logout']
            )		
            . Html::endForm()
            . '</li>';
    }
    echo Nav::widget([
        'options' => ['class' => 'navbar-nav navbar-right'],
        'items' => $menuItems,
    
    ]);
    NavBar::end();
    ?>

For some time everything worked fine, then an error began to fly out during the logout and when switching to editing the profile. On the Runet, I found 2 answers:
1) You need to transfer a token. (It is not clear why you should transfer it when leaving their profile)
2) You need to write Html::beginForm(['/site/logout'], 'post') in square brackets, which I had originally.
Is there another explanation for this error?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry, 2018-02-28
@slo_nik

Good evening.
It is not clear why you created the form, all this can be solved with regular links. The error may occur due to the absence of a CSRF token in the form. If you use a form, then yes, you need to transfer the token. But this is redundant. The form is not needed for the sake of logout.
Well, check the urlManager () rules, maybe they are the problem.
You can also clear cookies and cache.
And yet, check if you have such a line in your template<?= Html::csrfMetaTags() ?>