-
-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bad Request (#400) - Unable to verify your data submission #4497
Comments
I remember this error too after an composer update. It also went away as fast as it came. Could it be a cookie or browser cache reset |
Have you done this?
|
Yes, I had to do it on a previous update and it worked until now. I've even cloned a fresh copy of the latest advanced app and the same thing happens. |
looks like you have to clear your cookies from the browser. your data looks like the cookie CSRF tag has been generated by an old version of Secuitry class. |
Deleted the cookies, tried incognito window, other browser. Still the same. |
okay, this is weird. Have you tried with the basic app contact form? Or which form did you use to reproduce it? |
Frontend signup, login, backend login and contact - neither works. |
Shouldn't it fail automated testing for issues like this? |
It seems |
I am unable to reproduce it with neither basic nor advanced application here... |
http://www.yiiframework.com/forum/index.php/topic/56405-yii-2-cookies-get-not-working/ seems to be similar issue. |
@mbman Will you be able to set a breakpoint in |
Here you go: I'll set the breakpoint and send the cookie data ASAP |
A good place to check with debugger is https://github.com/yiisoft/yii2/blob/master/framework/web/Request.php#L1195 |
$_COOKIE value at the breakpoint @samdark suggested:
|
Yup. https://github.com/yiisoft/yii2/blob/master/framework/web/Request.php#L1306 is generating raw token but we're trying to decode it at https://github.com/yiisoft/yii2/blob/master/framework/web/Request.php#L1341 |
what's your cookievalidationkey? |
key is sfjBvtU7vXsWLsiGfkHY75mIYsqLwATl |
Your cookie is valid. Is your problem the same as @mbman's? |
pretty sure it is |
some debugging info:
|
Updated the code to latest version, cleared cookies and the problem is still there.
|
Vagrant server used:
|
mb_substr with null length parameter return empty string http://php.net//manual/en/function.mb-substr.php (first comment) |
@onepeopleprojects why length is 0? |
Fixes #4497: Bad Request, Unable to verify your data submission
Just merged another fix. Is it better now? |
Excellent speed )) yes, it work )) |
great! it work. |
this patch also fixes a Codeception issue:
|
@dynasource are the issues mentioned in our or codeception trackers? If so, would you please give links so I'll close these? |
none. It was an observation yesterday. I knew about this topic, so a composer update was worth a try (and it was). I just wanted to mention it for people searching. |
I am suddenly getting the "Unable to verify your data submission" on a |
I am getting the same error on a fresh update... need to check.
|
Have same problem. Reinstall project but ajax-requests still returns 400 error |
@MEGApixel23 do you send the |
@mbman no, but it works on previous Yii2 version. I tried to send |
@MEGApixel23 just disable csrf validation in your ajax controller |
Still happens on version 2.0.2. The cookie is not created on first request. I have a workaround: Extend View::endPage(): class View extends \yii\web\View {
public function endPage($ajaxMode = false)
{
\Yii::$app->getResponse()->sendCookies();
parent::endPage($ajaxMode);
}
} |
@gorellnet please open a new issue if there is a problem, this one is already closed for 2.0rc |
Updated my advanced app to latest Yii using Composer some 12 hours ago (previous update was maybe a day earlier), and since then all forms stopped working.
It seems Yii can't validate the csrf cookie it generates.
Yii 2.0.0-dev
PHP 5.4.4-14+deb7u11
Log: http://pastebin.com/i9Ta8W5y
Request: http://pastebin.com/5wpALxCy
Headers: http://pastebin.com/KMKbvr3V
The text was updated successfully, but these errors were encountered: