Why is this happening with CSRF in Yii2?

A

Artyom2015-10-04 12:56:42

Yii

Artyom, 2015-10-04 12:56:42

Hello. Please tell me why this is happening. I configured it so that it was not necessary to log in all the time, and the authorization was preserved for a long time:

'request' => [
            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
            'class' => 'app\assets\*********',
            'cookieValidationKey' => '*********************',
            'enableCookieValidation' => true,
            'enableCsrfCookie' => true,
            'enableCsrfValidation' => true,
        ],
        'session' => [
            'class' => 'yii\web\Session',
            'cookieParams' => ['lifetime' => 3600*24*30*12],
            'timeout' => 3600*24*30*12,
            'useCookies' => true,
        ],

In layout in the head tag:
<?= Html::csrfMetaTags();?>
Forms use ActionForm .
Everything seems to be fine. Works, does not crash. But now CSRF check fails on POST requests. Writes "Failed to verify the authenticity of the request." I can't understand why. Help me please.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Artyom, 2015-10-04
@DeOne

Problem solved. I didn’t even imagine that because of such nonsense it would not work.
There was no layout in the layout
Because of this, CSRF was not regenerated.

A

Andrey Pavlenko, 2015-10-04
@Akdmeh

This information is not enough. Check and add the following sections of code to your message: is there a csrf connection in the layout file using the Html helper; whether you are using the ActionForm widget or the Html::beginForm helper to display the form (they automatically add a CSRF tag); if you use - did you put POST.