Getting bad request (#400) on Ajax calls using Yii

2019-01-23 04:35发布

站内问答 / jQuery
1395 8 5

This is my code:

$(document).on('change', '#tblhotel-int_zone_id', function(e){
    var zoneId = $(this).val();
    var form_data = {
        zone: zoneId
    };
    $.ajax({
        url: "state",
        type: "POST",
        data: form_data,
        success: function(response)
        {
            alert(response);
        }
    });
});

This shows:

Bad Request (#400): Unable to verify your data submission.

And I already have <?= Html::csrfMetaTags() ?>. How can I fix this problem?

标签: jquery ajax yii2
举报
8条回答
地球回转人心会变
2楼-- · 2019-01-23 04:50

Note: See the answer from Skullcrasher to fix the issue in the correct way as my answer suggests disabling the Cross-Site Request Forgery.

You have a problem with enableCsrfValidation. To read more about it you can read here.

To disable CSRF, add this code to your controller:

public function beforeAction($action) {
    $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

This will disable for all actions. You should probably, depending on the $action, disable it only for specific actions.

查看更多
0人赞 添加讨论(0) 举报
Juvenile、少年°
3楼-- · 2019-01-23 04:52

Add this code at the bottom of your layout:

<script>
    $.ajaxSetup({
        data: <?= \yii\helpers\Json::encode([
            \yii::$app->request->csrfParam => \yii::$app->request->csrfToken,
        ]) ?>
    });
</script>
查看更多
0人赞 添加讨论(0) 举报
干净又极端
4楼-- · 2019-01-23 04:52

Although it is an old post with alot of answers but there is something missing from all the answers posted, all of them addressed the correct point but when calling the ajax POST request along with your data you should use the yii.js functions provided

  • yii.getCsrfParam() to get the parameter name of the token
  • yii.getCsrfToken() to get the token or actual value of the csrf-token

As if you have different param name for front-end defined inside the config.php or web.php under the request components configurations 

components=>[
.......
.......
    'request' => [
        'csrfParam' => '_csrf-frontend',
    ],
.......
.......
]

then you need to get that name dynamically and the above function help you out.

You should 

var form_data = {
    zone: zoneId
};
form_data[yii.getCsrfParam()]=yii.getCsrfToken();
查看更多
0人赞 添加讨论(0) 举报
We Are One
5楼-- · 2019-01-23 04:55

Use:

var csrfToken = $('meta[name="csrf-token"]').attr("content");
$.ajax({
    url: 'request',
    type: 'post',
    dataType: 'json',
    data: {param1: param1, _csrf : csrfToken},
});

More detail: Yii2: Using csrf token

查看更多
0人赞 添加讨论(0) 举报
一夜七次
6楼-- · 2019-01-23 05:04

/backend/config/main-local.php

'components' => [
    'request' => [
        'cookieValidationKey' => 'unique code',
        'csrfCookie' => ['httpOnly' => true, 'path' => '/admin/'],
    ],
],

/frontend/config/main-local.php

'components' => [
    'request' => [
        'cookieValidationKey' => 'unique code',
        'csrfCookie' => ['httpOnly' => true, 'path' => '/'],
    ],
],
查看更多
0人赞 添加讨论(0) 举报
孤傲高冷的网名
7楼-- · 2019-01-23 05:06

As the answer from Mihai P. states, your problem is CSRF validation. It is also true that you could disable the validation for your actions, but this is not considered a good solution.

As you have a problem in your Ajax request with the validation, you could also use a Yii JavaScript function to add the CSRF token to your formdata that you send in the Ajax request.

Just try to add the token to your form data as follows:

var form_data = {
    zone: zoneId,
    _csrf: yii.getCsrfToken()
};

I hope this helps and you therefore don't have to disable CSRF validation.

In addition to manually add the CSRF token you can check if there is an X-CSRF header set in the request.

查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)