发表新帖
发表新帖

Getting bad request (#400) on Ajax calls using Yii 2

后端 未结
关注
8 455
北恋
北恋 2020-12-29 08:39

This is my code:

$(document).on(\'change\', \'#tblhotel-int_zone_id\', function(e){
    var zoneId = $(this).val();
    var form_data = {
        zone: zoneI
相关标签:
8条回答
  • 囚心锁ツ
    2020-12-29 09:01

    Although it is an old post with alot of answers but there is something missing from all the answers posted, all of them addressed the correct point but when calling the ajax POST request along with your data you should use the yii.js functions provided

    • yii.getCsrfParam() to get the parameter name of the token
    • yii.getCsrfToken() to get the token or actual value of the csrf-token

    As if you have different param name for front-end defined inside the config.php or web.php under the request components configurations 

    components=>[
.......
.......
    'request' => [
        'csrfParam' => '_csrf-frontend',
    ],
.......
.......
]

    then you need to get that name dynamically and the above function help you out.

    You should 

    var form_data = {
    zone: zoneId
};
form_data[yii.getCsrfParam()]=yii.getCsrfToken();
    0 讨论(0)
  • 渐次进展
    2020-12-29 09:01

    /backend/config/main-local.php

    'components' => [
    'request' => [
        'cookieValidationKey' => 'unique code',
        'csrfCookie' => ['httpOnly' => true, 'path' => '/admin/'],
    ],
],

    /frontend/config/main-local.php

    'components' => [
    'request' => [
        'cookieValidationKey' => 'unique code',
        'csrfCookie' => ['httpOnly' => true, 'path' => '/'],
    ],
],
    0 讨论(0)
  • 名媛妹妹
    2020-12-29 09:04

    Add this code at the bottom of your layout:

    <script>
    $.ajaxSetup({
        data: <?= \yii\helpers\Json::encode([
            \yii::$app->request->csrfParam => \yii::$app->request->csrfToken,
        ]) ?>
    });
</script>
    0 讨论(0)
  • 鱼传尺愫
    2020-12-29 09:06

    As the answer from Mihai P. states, your problem is CSRF validation. It is also true that you could disable the validation for your actions, but this is not considered a good solution.

    As you have a problem in your Ajax request with the validation, you could also use a Yii JavaScript function to add the CSRF token to your formdata that you send in the Ajax request.

    Just try to add the token to your form data as follows:

    var form_data = {
    zone: zoneId,
    _csrf: yii.getCsrfToken()
};

    I hope this helps and you therefore don't have to disable CSRF validation.

    In addition to manually add the CSRF token you can check if there is an X-CSRF header set in the request.

    0 讨论(0)
  • 醉话见心
    2020-12-29 09:14

    Note: See the answer from Skullcrasher to fix the issue in the correct way as my answer suggests disabling the Cross-Site Request Forgery.

    You have a problem with enableCsrfValidation. To read more about it you can read here.

    To disable CSRF, add this code to your controller:

    public function beforeAction($action) {
    $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

    This will disable for all actions. You should probably, depending on the $action, disable it only for specific actions.

    0 讨论(0)
  • 灰色年华
    2020-12-29 09:18

    Use:

    var csrfToken = $('meta[name="csrf-token"]').attr("content");
$.ajax({
    url: 'request',
    type: 'post',
    dataType: 'json',
    data: {param1: param1, _csrf : csrfToken},
});

    More detail: Yii2: Using csrf token

    0 讨论(0)
 看不清?
提交回复
热议问题