I'm sending the _csrf token in the form, even in the ajax post, but I am still getting "#400 unable to verify data submission" in Yii2. I don't want to use the following code to avoid this issue:

public function beforeAction($action)
{
    $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

This is not a permanent solution, because applying this code will breach security. Here's my JS code:

$(document.body).on('submit', 'form#send-resource-form', function (e) {
    var form = $(this);
    $.ajax({
        url: form.attr('action'),
        type: 'post',
        data: form.serialize(),
        dataType: 'json',
        beforeSend: function () {
            // Handle the beforeSend event
            showLoader();
        }
    })
    .done(function (response) {
        removeLoader();
        if (response.status == 1) {
            // my targeted code.
        }
    });
});

Here are my console headers and response:

[Headers image] As you can see, I'm sending the CSRF token.

[Response image] And this is what I get in response.

Please, does anyone know how to resolve this issue? That would be a great help.

Thanks

Ali Abdullah
  • Show us your js code – soju Apr 29 '16 at 11:29
  • I have a lot of JS code files, can you please be precise about the JS code? soju – Ali Abdullah Apr 29 '16 at 11:45
  • The code you are using to send ajax request of course... – soju Apr 29 '16 at 11:51
  • $(document.body).on('submit','form#send-resource-form',function(e) { var form = $(this); $.ajax({ url: form.attr('action'), //form.attr('action'), type: 'post', data: form.serialize(), dataType: 'json', beforeSend: function(){ // Handle the beforeSend event showLoader(); }, }).done(function( response ) { removeLoader(); if(response.status==1) { mytargeted code. } }) }); – Ali Abdullah Apr 29 '16 at 12:25
  • Edit your question to add this code with the correct format. And take a look at your debug logs to see if the request is correctly sent to Yii. – soju Apr 29 '16 at 12:27
  • It's sending the _csrf token in the headers of the ajax post. I've also added the code to the question. – Ali Abdullah Apr 29 '16 at 13:07
  • Show the log of form.serialize(); are you getting the _csrf key? – Kandarp Patel May 03 '16 at 08:53
  • @AliAbdullah can you see the X-CSRF-Token key in your header? And if yes, check whether both values, i.e. X-CSRF-Token and _csrf, are the same or not. – Kandarp Patel May 03 '16 at 12:59
  • Yes, both are the same... I can't figure out why this is happening. I can use $this->enableCsrfValidation = false; to make it work, but this is not the correct way to handle this. – Ali Abdullah May 03 '16 at 13:04
  • @AliAbdullah yes, definitely not the way... What data are you sending? By any chance, are you using the form to upload files? – Kandarp Patel May 04 '16 at 09:00
  • I am sending "data: form.serialize()," which serializes the form and forwards it to the controller... – Ali Abdullah May 04 '16 at 11:12
  • @AliAbdullah yes, but check the payload size you are sending against the upload limits in your php.ini. Exceeding the upload limit can also cause this. – Kandarp Patel May 06 '16 at 05:10
  • @KandarpPatel I've changed post_max_size from 3MB to 100MB but I'm still getting the same error :( – Ali Abdullah May 06 '16 at 10:49

0 Answers
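The checks suggested in the comments above (is `_csrf` present in the output of `form.serialize()`, does it equal the `X-CSRF-Token` header, is the body within `post_max_size`) collected into one helper, as an added example that is not code from the thread. The names `parseIniSize` and `checkCsrfRequest`, the finding labels and the sample token are hypothetical and constructed for illustration.

```javascript
// Added diagnostic sketch, not code from the thread; all names are hypothetical.

// Convert a php.ini shorthand size ("3M", "100M", "512K", plain bytes) to bytes.
function parseIniSize(value) {
  const m = /^(\d+)\s*([KMG]?)$/i.exec(String(value).trim());
  if (!m) throw new Error('unrecognised size: ' + value);
  const unit = { '': 1, K: 1024, M: 1024 ** 2, G: 1024 ** 3 }[m[2].toUpperCase()];
  return Number(m[1]) * unit;
}

// body:        the string produced by form.serialize()
// headerToken: value of the X-CSRF-Token request header, or null if absent
// postMaxSize: the post_max_size value from php.ini
// csrfParam:   name of the token field ("_csrf" in the question)
function checkCsrfRequest(body, headerToken, postMaxSize, csrfParam = '_csrf') {
  // URLSearchParams percent-decodes values, so the token is compared decoded.
  const bodyTokens = new URLSearchParams(body).getAll(csrfParam);
  const bodyBytes = new TextEncoder().encode(body).length;
  const findings = [];

  if (bodyTokens.length === 0) findings.push('body-token-missing');
  if (bodyTokens.length > 1) findings.push('body-token-duplicated');
  if (bodyTokens.some((t) => t === '')) findings.push('body-token-empty');
  if (!headerToken) findings.push('header-token-missing');
  if (headerToken && bodyTokens.length > 0 && !bodyTokens.includes(headerToken)) {
    findings.push('header-body-mismatch');
  }
  if (bodyBytes > parseIniSize(postMaxSize)) {
    findings.push('body-exceeds-post_max_size');
  }
  return { bodyBytes, findings };
}

// Constructed sample: a made-up token and one form field.
const sampleToken = 'Q09OU1RSVUNURUQ.dG9rZW4=';
const sampleBody = '_csrf=' + encodeURIComponent(sampleToken) + '&Resource%5Bname%5D=demo';
console.log(checkCsrfRequest(sampleBody, sampleToken, '3M'));
```

An empty `findings` array means the request passes all three checks from the comments; it does not by itself show that the server-side validation will succeed.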