Yii2 - Bad Request (#400) | Frontend and backend c

Posted 2019-08-05 03:40

The issue appears only when I open frontend and backend in the same browser.

Scenario:

Interact with Backend -> Switched Tab -> Interact with Frontend -> Switched Tab Back -> Interact with Backend -> Bad Request (#400)

Cookie Backend

'identityCookie' => [
    'name' => '_backendIdentity',
    'path' => '/admin',
    'httpOnly' => true,
],

Cookie Frontend

'identityCookie' => [
    'name' => '_frontendIdentity',
    'path' => '/',
    'httpOnly' => true,
],

Session Backend

'session' => [
    'name' => 'session_backend'
],

Session Frontend

'session' => [
    'name' => 'session_frontend'
],

2 Answers
姐就是有狂的资本
Reply #2 · 2019-08-05 04:00

Thanks to @indra shastri

For those who are facing the same issue:

Adding the following resolved my problem.

Backend config/main.php

'request' => [
    'cookieValidationKey' => '[DIFFERENT UNIQUE KEY]',
    'csrfParam' => '_backendCSRF',
],

Frontend config/main.php

'request' => [
    'cookieValidationKey' => '[RANDOM KEY HERE]',
    'csrfParam' => '_frontendCSRF',
],
我想做一个坏孩纸
Reply #3 · 2019-08-05 04:07

The issue is that the CSRF is different on the frontend and the backend, so when a browser storing the session of the same application has 2 different CSRF, one of the applications will get Bad Request (#400).

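The collision described in the answers, as an added example that is not part of the original thread and is not Yii2's own code: a simplified PHP 8 model of a signed, cookie-stored CSRF token, run once with both apps sharing one cookie name and once with the names from the accepted fix. It assumes the two apps use different validation keys and that both CSRF cookies are set for the whole host, so the browser keeps one cookie per name; the `App` class, `scenario()` and the keys are hypothetical.

```php
<?php
// Simplified model of a cookie-stored, HMAC-signed CSRF token (added example, not Yii2 source).
// Keys, tokens and the cookie-jar array are constructed for illustration.
final class App
{
    public function __construct(private string $key, private string $csrfParam) {}

    // Return the token from the cookie only if its signature verifies under this app's key.
    private function loadToken(array $jar): ?string
    {
        $raw = $jar[$this->csrfParam] ?? '';
        $mac = substr($raw, 0, 64);   // hex SHA-256 HMAC prefix
        $token = substr($raw, 64);    // token follows the MAC
        $ok = $token !== '' && hash_equals(hash_hmac('sha256', $token, $this->key), $mac);
        return $ok ? $token : null;
    }

    // Render a page with a form: reuse a valid token, otherwise mint one and overwrite the cookie.
    public function renderForm(array &$jar): string
    {
        $token = $this->loadToken($jar);
        if ($token === null) {
            $token = bin2hex(random_bytes(16));
            $jar[$this->csrfParam] = hash_hmac('sha256', $token, $this->key) . $token;
        }
        return $token;
    }

    // Handle a POST: the submitted token must match the token in a validly signed cookie.
    public function submit(array $jar, string $formToken): int
    {
        $token = $this->loadToken($jar);
        return ($token !== null && hash_equals($token, $formToken)) ? 200 : 400;
    }
}

// Browser jar keyed by cookie name (assumption: host-wide cookies, so equal names collide).
function scenario(string $backendParam, string $frontendParam): int
{
    $jar = [];
    $backend = new App('backend-key-constructed', $backendParam);
    $frontend = new App('frontend-key-constructed', $frontendParam);
    $formToken = $backend->renderForm($jar);   // backend tab shows a form
    $frontend->renderForm($jar);               // frontend tab loads a page
    return $backend->submit($jar, $formToken); // back in the backend tab, submit the form
}

echo scenario('_csrf', '_csrf'), "\n";                // both apps share one cookie name
echo scenario('_backendCSRF', '_frontendCSRF'), "\n"; // names from the answer above
```

With the shared name the frontend cannot verify the backend's cookie, replaces it, and the backend's pending form is rejected with 400; with distinct names each app only ever touches its own cookie and the submit returns 200.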