Error 400 by sending

[wedot]

Hello

I'm using your form plugin on meany pages. It is a cool plugin thx for your work.

At the moment i have a problem with the plugin by sending. I allways get this error:

2019-03-01 07:05:45 [-][-][7e7a9f6b64a395c7ff10dfd1fbd42328][error][yii\web\HttpException:400] yii\web\BadRequestHttpException: Es ist nicht möglich, Ihre Dateneingabe zu prüfen. in /home/bkdesign/public_html/bk_web_v1/vendor/yiisoft/yii2/web/Controller.php:166
Stack trace:
#0 /home/bkdesign/public_html/bk_web_v1/vendor/craftcms/cms/src/web/Controller.php(88): yii\web\Controller->beforeAction(Object(yii\base\InlineAction))
#1 /home/bkdesign/public_html/bk_web_v1/vendor/yiisoft/yii2/base/Controller.php(155): craft\web\Controller->beforeAction(Object(yii\base\InlineAction))
#2 /home/bkdesign/public_html/bk_web_v1/vendor/craftcms/cms/src/web/Controller.php(109): yii\base\Controller->runAction('send', Array)
#3 /home/bkdesign/public_html/bk_web_v1/vendor/yiisoft/yii2/base/Module.php(528): craft\web\Controller->runAction('send', Array)
#4 /home/bkdesign/public_html/bk_web_v1/vendor/craftcms/cms/src/web/Application.php(297): yii\base\Module->runAction('wheelform/messa...', Array)
#5 /home/bkdesign/public_html/bk_web_v1/vendor/craftcms/cms/src/web/Application.php(561): craft\web\Application->runAction('wheelform/messa...', Array)
#6 /home/bkdesign/public_html/bk_web_v1/vendor/craftcms/cms/src/web/Application.php(281): craft\web\Application->_processActionRequest(Object(craft\web\Request))
#7 /home/bkdesign/public_html/bk_web_v1/vendor/yiisoft/yii2/base/Application.php(386): craft\web\Application->handleRequest(Object(craft\web\Request))
#8 /home/bkdesign/public_html/bk_web_v1/web/index.php(21): yii\base\Application->run()
#9 {main}
2019-03-01 07:05:45 [-][-][7e7a9f6b64a395c7ff10dfd1fbd42328][info][application] $_GET = []

$_POST = [
    'CSRF' => 'AaH9YYMw3Z5RBE-L0OhZXDFzFACIwdOXrUkT6-aBtAUCOeeqG1WKzRhABwx8sxkP3o84b9WwKtdm3NC_qcU6G8CXTjrETzFo16BuNO5s0UssFpY1I5ysfe9o10GPwJSrAp77yDkL9gGwbIX9i5P-cdk9HE4DFusjehvPt_HvLbwPfQCj06iuET3UgH8Y5Ic38s-KuJz3nZ2WxbQiuwogpC7IohJheMY32U79qJSM9NLSgloV597BYf0w2G2ZqjvohPv63Lmr6GoMxYvPNUIvy2nFs1DGQPDUA2Aox-GQPzFIQmRj-ZKwruwsUI-K8oB9Y3qF_Ws6xK5keGZqHYR6NunuDVzjiRLnV-u02pikCSvz9SpZ9HkGWLKQCgPYCrN9TSOiBBOszxzcDO4jufCtzzSqzvANPZQ31gThs7rWjlyTb3gpTyeTRRdi_seSnn7fNjxl4LfE3SVFtcMdT5ToeZGzu8S4xeS5p_aQF4xQYcp9i_ZWEBr2b-4fy8vk9oGQp6w3eqjwsU7Jcu8nyMd2pvaiv5rLnL0GWK7Ri1FxXP0='
    'action' => 'wheelform/message/send'
    'form_id' => '1'
    'name' => 'dfghjk'
    'issue' => 'Traumbad planen'
    'email' => 'test@test.de'
    'phone' => 'fds'
    'message' => 'sdffdsfds fds fds fds '
]

I'm not sure how to fix that.

[wedot]

I use yout plugin in many projects, there everything works just fine. In the project i get this error i build the forms the same way then in the projects where everything is just working fine.

This is the code from the form:

<div id="contact_form_wrap">
	{% macro errorList(errors) %}
	    {% if errors %}
	        <ul class="errors">
	            {% for error in errors %}
	                <li>{{ error | t }}</li>
	            {% endfor %}
	        </ul>
	    {% endif %}
	{% endmacro %}
	{% from _self import errorList %}
	
    {{ wheelformErrors['form'] is defined ? errorList(wheelformErrors['form']) }}
	
	{% if craft.app.session.hasFlash('notice') %}
	    <div class="form_message notice"><p>{{ craft.app.session.getFlash('notice') }}</p></div>
	{% elseif craft.app.session.hasFlash('error') %}
	    <div class="form_message error"><p>{{ craft.app.session.getFlash('error') }}</p></div>
	{% endif %}
	
	<form id="form" method="post" action="" accept-charset="UTF-8" novalidate="" enctype="multipart/form-data"{% if craft.app.session.hasFlash('notice') %} class="hide"{% endif %}>
	    {{ csrfInput() }}
	    <input type="hidden" name="action" value="wheelform/message/send">
	    <input type="hidden" name="form_id" value="1">
	    <input class="hide" type="checkbox" name="noSp" value="1" tabindex="-1" autocomplete="off">
	    
	    <div class="form_row">
			<fieldset class="form_1of2 group{% if wheelformErrors['name'] is defined and wheelformErrors['name'] | length %} hasErrors{% endif %}">
			    <input id="name" type="text" name="name" value="{{ values['name'] ?? '' }}" required="">
			    <label for="name" class="required">{{ 'Name' | t }}</label>
			    {{ wheelformErrors['name'] is defined ? errorList(wheelformErrors['name']) }}
			</fieldset>
			<fieldset class="form_1of2 group{% if wheelformErrors['issue'] is defined and wheelformErrors['issue'] | length %} hasErrors{% endif %}">
			    <select name="issue" id="issue">
					<option value="" selected disabled hidden>{{ values['issue'] ?? 'Anliegen' | t }}</option>
					<option name="issue[]" value="Traumbad planen">{{ 'Traumbad planen' | t }}</option>
					<option name="issue[]" value="Traumküche planen">{{ 'Traumküche planen' | t }}</option>
					<option name="issue[]" value="Traumküche & Traumbad planen">{{ 'Traumküche und Traumbad planen' | t }}</option>
				</select>
				{{ wheelformErrors['issue'] is defined ? errorList(wheelformErrors['issue']) }}
			</fieldset>
	    </div>
	    <div class="form_row">
			<fieldset class="form_1of2 group{% if wheelformErrors['email'] is defined and wheelformErrors['email'] | length %} hasErrors{% endif %}">
			    <input id="email" type="text" name="email" value="{{ values['email'] ?? '' }}" required="">
			    <label for="email" class="required">{{ 'E-Mail' | t }}</label>
			    {{ wheelformErrors['email'] is defined ? errorList(wheelformErrors['email']) }}
			</fieldset>
			<fieldset class="form_1of2 group{% if wheelformErrors['phone'] is defined and wheelformErrors['phone'] | length %} hasErrors{% endif %}">
			    <input id="phone" type="text" name="phone" value="{{ values['phone'] ?? '' }}" required="">
			    <label for="name" class="required">{{ 'Telefonnummer' | t }}</label>
			    {{ wheelformErrors['phone'] is defined ? errorList(wheelformErrors['phone']) }}
			</fieldset>
	    </div>
		<fieldset class="group{% if wheelformErrors['message'] is defined and wheelformErrors['message'] | length %} hasErrors{% endif %}">
			<textarea rows="3" id="message" type="text" name="message" value="{{ values['message'] ?? '' }}" required="">{{ values['message'] ?? '' }}</textarea>
		    <label for="message" class="required">{{ 'Nachricht' | t }}</label>
		    {{ wheelformErrors['message'] is defined ? errorList(wheelformErrors['message']) }}
		</fieldset>
		
		<div>
			<button class="full" type="submit" form="form" value="{{ 'Senden' | t }}">{{ 'Senden' | t }}<div class="submit_loader">Loading...</div></button>
		</div>
	</form>
</div>
<div id="contact_form_thx" class="form_note">
	<h3 style="margin-bottom: 3rem;">Danke! Wir werden Ihre Nachricht in Kürze bearbeiten.</h3>
</div>

[xpertbot]

That error means your Request is not a POST, so maybe a redirect is happening?, like Apache .htaccess redirecting before the submission makes it through?

Because I tested the form on an Ubuntu 14.10 server and it worked correctly.

[jayhlee]

I'm getting a yii\web\HttpException:400 issue as well. In my case, I checked in Request from the Craft debugger and see that the request was a POST. Any idea as to what's causing the issue? Here's my stacktrace:

yii\web\BadRequestHttpException: Unable to verify your data submission. in /srv/users/sp/apps/acme/vendor/yiisoft/yii2/web/Controller.php:166

Stack trace:
#0 /srv/users/sp/apps/acme/vendor/craftcms/cms/src/web/Controller.php(88): yii\web\Controller->beforeAction(Object(yii\base\InlineAction))
#1 /srv/users/sp/apps/acme/vendor/yiisoft/yii2/base/Controller.php(155): craft\web\Controller->beforeAction(Object(yii\base\InlineAction))
#2 /srv/users/sp/apps/acme/vendor/craftcms/cms/src/web/Controller.php(109): yii\base\Controller->runAction('send', Array)
#3 /srv/users/sp/apps/acme/vendor/yiisoft/yii2/base/Module.php(528): craft\web\Controller->runAction('send', Array)
#4 /srv/users/sp/apps/acme/vendor/craftcms/cms/src/web/Application.php(297): yii\base\Module->runAction('wheelform/messa...', Array)
#5 /srv/users/sp/apps/acme/vendor/craftcms/cms/src/web/Application.php(561): craft\web\Application->runAction('wheelform/messa...', Array)
#6 /srv/users/sp/apps/acme/vendor/craftcms/cms/src/web/Application.php(281): craft\web\Application->_processActionRequest(Object(craft\web\Request))
#7 /srv/users/sp/apps/acme/vendor/yiisoft/yii2/base/Application.php(386): craft\web\Application->handleRequest(Object(craft\web\Request))
#8 /srv/users/sp/apps/acme/public/index.php(42): yii\base\Application->run()
#9 {main}

[xpertbot]

I believe these are Craft CSRF errors. I don't use Craft for complex Projects (I use Laravel) so I don't have much experience with many of Craft's nuances. I apologize I can't be of much help. But a quick google search lead me here.

BTW, I came to the conclusion it's Craft's error, because your trace doesn't even make it into the wheelform Controllers. so some type of middleware is blocking it. and the CSRF is a middleware. Test it by disabling it?

[jayhlee]

Thanks for the quick response. Yes, it seems like it works when CSRF is disabled. I'll bring up with issue with the folks at Craft. Thanks!

[tyssen]

@jayhlee I've just run into this too. Could you point me in the direction of the discussion with Craft so I can keep up to date with it?

[jayhlee]

@tyssen I actually haven't followed up on this issue yet with the good people at Craft, but it seems like this is the thread that's most germane to the issue at hand. https://github.com/craftcms/cms/issues/3330 I just disabled CSRF for now to get things to work. I'll actually post something on that thread right now.

[xpertbot]

@jayhlee I saw @brandonkelly response, I will take a deeper look at it.

[xpertbot]

@jayhlee @tyssen @wedot Can you guys confirm that you tested what Brandon says in the thread? Here about Chrome causing problems and trying it out with different browsers? specially if testing on Localhost, or same URL using SSL?

I just want to make sure All the necessary testing steps are done before moving forward, because I just tested on my Ubuntu server and it works correctly. I tried both Regular Post Submission and AJAX submission.

[xpertbot]

I released a new patch version that improves {{form.open()}} and uses Yii2 Core CSRF instead of Craft's CSRF hopefully by using the Core functionality instead of Craft's some of the problems go away. I honestly cannot replicate the error. Maybe some more details might help such as:

• Is it an Ajax submission? is it happening on the second submission?
• What OS is the server on?
• Is the URL the same as another development environment? (Cookies error, etc)

[wedot]

In the Time since the error I found out why it don't work out in my case.
Note: This method worked for a long time, but then something in Craft CMS or the Wheelform plugin changed. I have to say, that i don't tested a other form plugin until now to make a comparison with it.

I had a turned on the browser cache via htacsess. This was it:

<IfModule mod_expires.c>
	ExpiresActive on

# Perhaps better to whitelist expires rules? Perhaps.
	ExpiresDefault                          "access plus 1 month"

# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
	ExpiresByType text/cache-manifest       "access plus 0 seconds"

# Your document html
	ExpiresByType text/html                 "access plus 0 seconds"

# Data
	ExpiresByType text/xml                  "access plus 0 seconds"
	ExpiresByType application/xml           "access plus 0 seconds"
	ExpiresByType application/json          "access plus 0 seconds"

# Feed
	ExpiresByType application/rss+xml       "access plus 1 hour"
	ExpiresByType application/atom+xml      "access plus 1 hour"

# Favicon (cannot be renamed)
	ExpiresByType image/x-icon              "access plus 1 week"

# Media: images, video, audio
	ExpiresByType image/gif                 "access plus 1 month"
	ExpiresByType image/png                 "access plus 1 month"
	ExpiresByType image/jpeg                "access plus 1 month"
	ExpiresByType video/ogg                 "access plus 1 month"
	ExpiresByType audio/ogg                 "access plus 1 month"
	ExpiresByType video/mp4                 "access plus 1 month"
	ExpiresByType video/webm                "access plus 1 month"

# HTC files  (css3pie)
	ExpiresByType text/x-component          "access plus 1 month"

# Webfonts
	ExpiresByType application/x-font-ttf    "access plus 1 month"
	ExpiresByType font/opentype             "access plus 1 month"
	ExpiresByType application/x-font-woff   "access plus 1 month"
	ExpiresByType image/svg+xml             "access plus 1 month"
	ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

# CSS and JavaScript
	ExpiresByType text/css                  "access plus 1 month"
	ExpiresByType application/javascript    "access plus 1 month"
</IfModule>

I removed it for now. Plus I installed the Plugin No-Cache and wraped it around the form. For now it works out fine.

I've tested to send the form with ajax and with post.

[xpertbot]

hmm most likely it was caching the CSRF Token. That's something that gets refreshed every time a submission happens.

[wedot]

Probably.

The strange thing is that I've used this method for quite a while. It does work in other Craft 3 installations I have not updated until now.

[jayhlee]

@xpertbot It does seem like the issue had to do with caching. When I removed the {% cache %} tags from my template, the form submitted successfully. Is the only way to get around this to use the No-Cache plugin mentioned by @wedot ? Thanks, btw, for taking the time to built Wheelform and offer it for free. It's much appreciated!

[wedot]

@jayhlee You can install the No-Cache Plugin. You find it in the plugin store.

@xpertbot I agree with that. Thanks for the great plugin. You do and did a great job 👍🏻

[xpertbot]

There's something we can do about this actually, That way you don't have to pollute your Craft with Plugins. There is a Yii2 (That's the framework behind Craft) JS call that can refresh the CSRF Token when the page is loaded, so in this case. You cache the whole page including the Javascript but when the cached page gets loaded the Javascript refreshes the CSRF Token on the form. That waythe form Works correctly.

I will take a look at how to implement this maybe with a configuration call on the wheelform.form({}) object.

[xpertbot]

So I have been trying to solve this problem the past couple of days and the cache tag in Craft is way more obstructive than I originally thought. When you use the Cache tag in the Twig Template it only renders the HTML at that point, so the Javascript calls to the registered files and such don't work correctly like Yii2 usually does.

cache tag also breaks my List Field Javascript because it doesn't let it load.

I will have to come up with some clever way to include the Javascript into the template so it gets cached.

[xpertbot]

Added new configuration options to wheelform.open() they are:

• registerScripts This allows The form to generate the necessary scripts and tags for the form to work correctly.
• refreshCsrf This allows the form to create and register a Javascript block that will refresh the CSRF token on page load.

Because of the nature of the {%cache%} block the wheelform.open() code needs to be outside of it, else it will not work. However, You can keep the rest of the form generation inside the {%cache%} tag. This fixed all the issues.

Let me know if you have any questions. P.S. This is on the development branch and will be under testing before I deploy it next week.