<meta name="csrf-param" content="_csrf-frontend">
<meta name="csrf-token" content="oidpfJVSR28kMxgD4loRdgIs3TCRVITuR6Ly3Z587nLxdgIt-h8XIlFbSECzCEgHUmqaQ9InwaIYzJ2u-ySaIw==">

并且因为我使用 $form = ActiveForm::begin([])，所以我的表单有这个隐藏字段

and because i use $form = ActiveForm::begin([]), for my form there is this hidden field

<form id="form-small" action="/frontend/web/search/" method="post">
<input type="hidden" name="_csrf-frontend" value="oidpfJVSR28kMxgD4loRdgIs3TCRVITuR6Ly3Z587nLxdgIt-h8XIlFbSECzCEgHUmqaQ9InwaIYzJ2u-ySaIw==">

这是我的 $form = ActiveForm::begin([])

$form = ActiveForm::begin([
        'id' => $model->formName().'-form-small',
        'action' => ['/search/default/id'],
        'method' => 'post',
        'scrollToError' => false,
        'validateOnChange' => false,
        'validateOnSubmit' => true,
        'enableClientValidation' => true,
        'enableAjaxValidation' => true,
        'fieldConfig' => [
            'options' => [
                'tag' => false,
            ],
        ],
    ]);

我的页脚中也有这个 JS.(main.php 布局)

i also have this JS in my footer. (main.php layout)

<script>
    $.ajaxSetup({
      headers: {
        'X-CSRF-TOKEN': '<?= yii::$app->request->csrfToken ?>'
      }
    });
</script>

而且我也不想关闭 CSRF.

And i DO NOT want to turn CSRF off either.

在我的 main.php 我有这个

 'request' => [
            'csrfParam' => '_csrf-frontend',
            'enableCsrfCookie' => false, 
            'enableCookieValidation' => true,
            'cookieValidationKey' => 'frontend-cookie-2021',
        ],

我编辑了yii/framework/.php

并在 841

echo ' -- start--';
        echo '<br><br><br>';
        print_r($trueToken); 
        echo '<br><br><br>';
print_r($this->getBodyParam($this->csrfParam));
echo '<br><br><br>';
print_r($this->getCsrfTokenFromHeader());
echo '<br><br><br>'; 
echo ' -- end--';
die;

每次我提交表单时.$trueToken 令牌似乎不同.即使我不刷新页面.

every time i submit my form. the $trueToken token seems to be different. even when i don't refresh the page.

如下图

-- start--
S-r869794GPYBi8voh-dXVDFLLWl8GvWhw6Qvn4c7icYu5e6sbCwLq1uf2zzTcQsAINrxuaDLprYYP_NG0Sadg==

b4GMJgf6dmn8H64oljr6uxokFC2WbQeLP4bY_SI-7Pg80Od3aLcmJIl3_mvHaKPKSmJTXtUeQsdg6LeOR2aYqQ==

b4GMJgf6dmn8H64oljr6uxokFC2WbQeLP4bY_SI-7Pg80Od3aLcmJIl3_mvHaKPKSmJTXtUeQsdg6LeOR2aYqQ==
-- end--

知道如何解决这个问题吗?谢谢.

Any idea how to fix this? Thank you.

推荐答案

一个 CSRF 令牌头名称是 X-CSRF-Token

A CSRF token header name is X-CSRF-Token

https://github.com/yiisoft/yii2/blob/552593ca3bcd9b4c9b19913e9e56de9548db59e3/framework/web/Request.php#L103

获取已经生成的令牌

$.ajaxSetup({
  headers: {
    'X-CSRF-Token': $('meta[name="_csrf-frontend"]').attr('content')
  }
});

这篇关于HttpException:400 无法验证您提交的数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！