Yii2: csrfCookie name doesn't change

Created on 21 Feb 2018 · 14 Comments · Source: yiisoft/yii2

What steps will reproduce the problem?

        'request' => [
            'enableCsrfValidation' => true,
            'csrfCookie' => [
                'name' => '_csrf_front',
                'path' => '/',
                'domain' => ".domain.loc",
            ],
        ],

What is the expected result?

Creation of the CSRF cookie with the name "_csrf_front"

What do you get instead?

"_csrf" instead

Additional info

| Q | A
| ---------------- | ---
| Yii version | 2.0.15-dev?
| PHP version | 7.1.7
| Operating system | macOS

docs

All 14 comments

Would you please test with 2.0.13?

Same result

Would you please post your full config excluding credentials?

/frontend/config/main.php

[
    'id' => 'app-frontend',
    'basePath' => dirname(__DIR__),
    'bootstrap' => [
        'devicedetect',
        'log',
        'locale',
        'frontend\components\Route',
        'schema',
        'maintenanceMode'
    ],
    'on beforeRequest' => function () {
        $pathInfo = Yii::$app->request->pathInfo;
        if (!empty($pathInfo) && substr($pathInfo, -1) == '/') {
            $url = strtolower('/' . substr($pathInfo, 0, strlen($pathInfo) - 1));
            Yii::$app->getResponse()->redirect($url, 301);
            Yii::$app->end();
        }

        if ($pathInfo != strtolower($pathInfo) && strpos($pathInfo, 'trips') === false) {
            Yii::$app->getResponse()->redirect('/' . strtolower($pathInfo), 301);
            Yii::$app->end();
        }

        if (strstr(Yii::$app->request->absoluteUrl, 'www.')) {
            Yii::$app->getResponse()->redirect(str_replace('www.', '', Yii::$app->request->absoluteUrl), 301);
            Yii::$app->end();
        }

        if (substr(Yii::$app->request->absoluteUrl, -1) == '/' && $pathInfo) {
            Yii::$app->getResponse()->redirect(substr(Yii::$app->request->absoluteUrl, 0, strlen(Yii::$app->request->absoluteUrl) - 1), 301);
            Yii::$app->end();
        }
        if (!Yii::$app->request->isSecureConnection) {
            $url = Yii::$app->request->absoluteUrl;
            if (!strpos($url, '.loc/')) {
                $url = str_replace('http://', 'https://', $url);
                Yii::$app->getResponse()->redirect($url, 301);
                Yii::$app->end();
            }
        }
    },
    'controllerNamespace' => 'frontend\controllers',
    'components' => [
        'maintenanceMode' => [
            'class' => 'brussens\maintenance\MaintenanceMode',
            'enabled' => false,
            'layoutPath' => '@frontend/views/under/main',
            'viewPath' => '@frontend/views/under/index',
        ],
        'shortcodes' => [
            'class' => 'tpoxa\shortcodes\Shortcode',
            '...'
        ],
        'devicedetect' => [
            'class' => 'alexandernst\devicedetect\DeviceDetect'
        ],

        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
        ],
        'request' => [
            'enableCsrfValidation' => true,
            'enableCookieValidation' => true,
            'csrfCookie' => [
                'name' => '_csrf_front',
                'path' => '/',
                'domain' => "." . $params['projectDomains']['main'],
            ],
        ],
        'cache' => [
            'class' => 'yii\caching\FileCache',
        ],
        'session' => [
            'class' => 'yii\web\Session',
            'savePath' => __DIR__ . '/../../tmp',
            'name' => 'DEVJAMSESSION',
            'cookieParams' => [
                'path' => '/',
                'domain' => "." . $params['projectDomains']['main'],
            ],
        ],
        'cookies' => [
            'class' => 'yii\web\Cookie',
            'domain' => "." . $params['projectDomains']['main'],
            'httpOnly' => true,
            'secure' => true
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],
        'urlManager' => require(__DIR__ . '/urlManager.php'),
        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error'],
                ],
                'db' => [
                    'class' => 'yii\log\DbTarget',
                    'levels' => ['error', 'warning'],
                    'except' => ['yii\web\HttpException:404', 'yii\i18n\I18N'],
                    'prefix' => function () {
                        $url = !Yii::$app->request->isConsoleRequest ? Yii::$app->request->getUrl() : null;
                        $userName = Yii::$app->has('user', true) ? Yii::$app->user->identity->username : 'Guest';
                        $ip = Yii::$app->request->getUserIP();

                        $addr = \backend\components\Helper::geoIp();

                        return sprintf('[%s][%s][%s][%s][%s]', $userName, $url, $ip, $addr['country_code'] . ' ' . $addr['city'], \Yii::getAlias('@device'));
                    },
                    'logVars' => [],
                    'logTable' => 'log'
                ]
            ],
        ],
    ],
    'params' => $params,
    'modules' => [
        'schema' => [
            'class' => 'simialbi\yii2\schemaorg\Module',
            'autoRender' => true
        ],
        'sitemap' => [
            'class' => 'himiklab\sitemap\Sitemap',
            '...'
        ]
    ],
    'aliases' => [
        '@part' => '@frontend/views/partials',
        '@sch'   => '@frontend/views/schemaorg',
        '@icons'   => '/images/icons/',
    ],
]

/frontend/config/main-local.php

 [
    'components' => [
        'request' => [
            'cookieValidationKey' => '...',
        ],
        'authClientCollection' => [
            'class' => 'yii\authclient\Collection',
            'clients' => ['...'],
        ],
        'googleApi' => ['...'],
        'places' => ['...'],
        'placesSearch' => ['..'],
    ],
    'modules' => [
        'social' => ['...'],
    ]
];

if (!YII_ENV_TEST) {
    $config['bootstrap'][] = 'debug';
    $config['modules']['debug'] = [
        'class' => 'yii\debug\Module',
    ];
    $config['bootstrap'][] = 'gii';
    $config['modules']['gii'] = [
        'class' => 'yii\gii\Module',
    ];
}

do you need /common configuration?

Any idea when it could be fixed? It's impossible to separate backend and frontend csrf ((

We aren't working on it at the moment. You can dig into it yourself if you need it bad and send a pull request.

@yaroslavolekh , the csrfCookie name is assigned by Request::csrfParam. you need to change your config to:

        'request' => [
            'enableCsrfValidation' => true,
            'enableCookieValidation' => true,
            'csrfParam' => '_csrf_front',
            'csrfCookie' => [
                'path' => '/',
                'domain' => "." . $params['projectDomains']['main'],
            ],
        ],

@samdark I think it's worth mentioning it in the docs
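
The following is an added example, not code from this issue or from yii2 itself. It paraphrases the option merge that `yii\web\Request::createCsrfCookie()` performs (`array_merge($this->csrfCookie, ['name' => $this->csrfParam, 'value' => $token])`) so the two configs discussed above can be checked offline, and it adds the audit a practitioner would want: overriding `csrfCookie` in the config replaces the class default `['httpOnly' => true]` wholesale, so `httpOnly` has to be put back explicitly. The token value and the `.domain.loc` domain are constructed inputs; `sameSite` is an assumption about later releases (`yii\web\Cookie::SAME_SITE_LAX`, available from 2.0.21, not on the 2.0.15 in the report).

```php
<?php
// Added example (not code from the issue or from yii2). It paraphrases the
// option merge done by yii\web\Request::createCsrfCookie() so the effect of
// the configs in the thread can be checked without booting a Yii application.

declare(strict_types=1);

/**
 * Resolve the options the CSRF cookie is created with.
 *
 * Mirrors the framework: the 'request' component's csrfCookie array REPLACES
 * the class default ['httpOnly' => true], and createCsrfCookie() then merges
 * ['name' => $csrfParam, 'value' => $token] over it, so any 'name' key inside
 * csrfCookie is silently overwritten. Only csrfParam controls the name.
 */
function resolveCsrfCookieOptions(array $requestConfig, string $token): array
{
    // Class defaults of yii\web\Request
    $csrfParam  = $requestConfig['csrfParam'] ?? '_csrf';
    $csrfCookie = $requestConfig['csrfCookie'] ?? ['httpOnly' => true];

    return array_merge($csrfCookie, [
        'name'  => $csrfParam,
        'value' => $token,
    ]);
}

/** Flags the attributes a security reviewer would want on a CSRF cookie. */
function auditCsrfCookie(array $options): array
{
    $findings = [];
    if (empty($options['httpOnly'])) {
        $findings[] = 'httpOnly lost: the configured csrfCookie replaced the framework default';
    }
    if (empty($options['secure'])) {
        $findings[] = 'secure not set: the cookie is also sent over plain HTTP';
    }
    if (!empty($options['domain'])) {
        $findings[] = "domain '{$options['domain']}' shares the cookie with every subdomain";
    }
    return $findings;
}

$token = 'constructed-token-value'; // constructed sample, not a real token

// 1) The reporter's config: 'name' inside csrfCookie has no effect.
$reported = [
    'enableCsrfValidation' => true,
    'csrfCookie' => [
        'name'   => '_csrf_front',
        'path'   => '/',
        'domain' => '.domain.loc',
    ],
];
$opts = resolveCsrfCookieOptions($reported, $token);
printf("reported config -> cookie name: %s\n", $opts['name']);   // _csrf
foreach (auditCsrfCookie($opts) as $f) {
    echo "  finding: $f\n";
}

// 2) The fix from the thread, with the attributes the override dropped
//    re-added explicitly. 'sameSite' exists on yii\web\Cookie from 2.0.21
//    ('Lax' is the value of Cookie::SAME_SITE_LAX); omit it on 2.0.15.
$fixed = [
    'enableCsrfValidation'   => true,
    'enableCookieValidation' => true,
    'csrfParam'  => '_csrf_front',      // this is what names the cookie
    'csrfCookie' => [
        'path'     => '/',
        'domain'   => '.domain.loc',    // assumption: shared parent domain
        'httpOnly' => true,             // restore the replaced default
        'secure'   => true,             // the app already redirects to HTTPS
        'sameSite' => 'Lax',            // assumption: 2.0.21+ only
    ],
];
$opts = resolveCsrfCookieOptions($fixed, $token);
printf("fixed config    -> cookie name: %s\n", $opts['name']);   // _csrf_front
foreach (auditCsrfCookie($opts) as $f) {
    echo "  finding: $f\n";
}
```

Run it with `php csrf_cookie_check.php`. The domain finding is reported for both configs on purpose: a cookie scoped to the parent domain is readable and writable by every subdomain, which is exactly why a frontend and a backend hosted on sibling subdomains need distinct `csrfParam` values rather than a shared `_csrf`, and why the same distinct-name treatment applies to the session cookie configured alongside it.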

works fine! thanks

@berosoboy any idea on where to mention it best?

I'd mention it in the PHPDoc block at least

Makes sense. How about a pull request?

Of course. I will do it tonight
