Sometimes, not often, error message appears: "method not allowed yii2 this url can only handle...: POST
Such a code I found in the function behaviors:
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['post']
Can it occurs this error message and why this error occurs sometimes(not often)?
ADDitional
Really, I apologize that forget to indicate that all it used by iframe(page open in an iframe window and apply to yii2 through a url and after the delete action was completed - was redirected back), may be a user is logged out, but doest understand it.
And the controller postController receive as post as get method: delete url as GET, _csrf as POST
Only allow delete action via Post. ($_POST). For more security
Example to access via the get and post method: Not recommended for Delete action.
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['post','get'],
],
],
Update:
Not always error #405 and may be #403 and ...
Cookies and session expired
When you open several browser tabs(or windows) on your site and your session expires. You login through a window (or with another user). In this case the exception is thrown by clicking on the logut in other open tabs and windows(browser).
This is because CSRF protection works only for unsafe request methods such PUT, POST or DELETE. That's why in order to stay safe your application should never ever use GET requests to change application state.
If a logout by tag <a> or url in nav is set as follows:
'data-method' => 'post'
Modify and try using form and ...
example:
Html::beginForm(['.../logout'], 'post')
. Html::submitButton(
'Logout (' . Yii::$app->user->identity->username . ')',
['class' => 'btn btn-link']
)
. Html::endForm()
Related
What will be the rules for my pretty url if I have the following scenario:
links like this where parameters may vary.
domain/?bt=<token>&e=<email>
or
domain/?lt=<token>&e=<email>
then should be processed in a controller/action. ie. mycontroller/get
Also, parameters should be accessible by $_GET inside the action.
the simplest way is based on the use of urlHelper
use yii\helpers\Url;
$myUrl = Url::to(['your_controller/your_action', 'bt' => 123, 'e' => 'myemail#gmail.com']);
Using the urlHelper function Url::to .. the url you need is properly formed depending of the urlManager configuration you have set in your config file
and the param a manager as show in the sample like entry in an array.
The post or get method is related to the type of metho you have in your ulr call if not other values are specified the url is formed as a get
and you can obtain the values you need in $_GET['bt'] and $_get['e']
http://www.yiiframework.com/doc-2.0/yii-helpers-url.html
http://www.yiiframework.com/doc-2.0/yii-web-urlmanager.html
http://www.yiiframework.com/doc-2.0/guide-runtime-routing.html
'urlManager' => [
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
'<controller:\w+>/<id:\d+>' => '<controller>/view',
'<controller:\w+>/<action:\w+>/<id:\d+>' => '<controller>/<action>',
'<controller:\w+>/<action:\w+>' => '<controller>/<action>',
'' => 'call-backs/get',
'unsubscribes' => 'unsubscribes/get',
],
],
#scaisEdge, thank you for answering my question. maybe my question isn't that clear but this is the solution I made for my question after a hard find of clues and tips online.
All I wanted was that when a user clicks on a link, hitting the main page/main domain, it will go to my yii project (intended to be a webservice or an API like one) then will be handled by a precise controller and action.
'' => 'call-backs/get'
the code above answers the question. Cheers.
I have blog via yii2 and using page caching
'class' => 'yii\filters\PageCache',
'only' => ['view','video'],
'duration' => 900,
'dependency' => [
'class' => 'yii\caching\DbDependency',
'sql' => '?',
],
my post table has primary key as id ;
how to I set sql as separate page cache per post id ?
thank you guy .
Just pass the current ID to it and yes, you can do it, use the enabled property and variation like this
[
'enabled' => Yii::$app->request->isGet && Yii::$app->user->isGuest,
'class' => 'yii\filters\PageCache',
'only' => ['index'],
'duration' => 900,
'variations' => [
Yii::$app->request->get('id')
]
]
This ensures that it will cache only get requests for non logged in users per post ID, you don't want to cache other request than get or logged in users if they can do some things like commenting and see per user data (login name etc.)
You can even use a more advanced config if you like eg. dynamic placeholder with page cache to allow caching even for authenticated users, just check the docs.
I am logging into Db using existing Yii logging API.
But I want to differentiate between Frontend logs and Backend logs inside DB.
Everything that appears is common for both, I face difficulty tracing frontend logs.
Below is the image of DB Logs where GREEN marked are for backend logs, RED marked are for Frontend Logs.
You can use prefix property for this. This is callable that returns a string to be prefixed to every exported message with signature function ($message).
As default getMessagePrefix() is used there which prefixes the message with user IP, user ID and session ID.
You can use it to add there frontend and backend.
Thanks to #Bizley!
Inside both backend/config/main and frontend/config/main, I configured below; This is how my entire log configuration for Frontend looks like(Similarly you can do it for Backend);
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\DbTarget',
'levels' => ['error'],
'prefix' => function ($message) {
return "[Frontend]";
},
],
[
'class' => 'yii\log\FileTarget',
'levels' => ['error','info'],
],
],
],
Below is the view on UI for logs. With the Help of Prefix I can now easily differentiate between channels.
May I know how to have function of automatic logout if users have inactive more than 5 minutes in yii2 ?
Try this configuration :
'user' => [
'enableAutoLogin' => false,
'authTimeout' => 300,
],
authTimeout
Your answer lies in configuration of "user" component in your config files.
Everything you need to know is in this documentation Yii2 User Component, set authTimout property to 300 (that's in seconds) and your user should be logged out after 5 minutes of inactivity.
In your component configuration you need to add config in user component like this
'components'=>[
'user' => [
'class'=>'yii\web\User',
'identityClass' => 'common\models\User',
'loginUrl'=>['sign-in/login'],
'enableAutoLogin' => false,
'authTimeout'=>300, //Number of second to Automatic Logout if inactive
//this config is optional
'identityCookie' => [
'name' => '_backendUser', // unique for backend
'path'=>'#backend/web' // correct path for the backend app.
],
'as afterLogin' => 'common\behaviors\LoginTimestampBehavior'
],
],
Besides of setting up the main.php I have three suggestion to handle this situation.
You should set you application in production mode ..
customize the site/error.php to check if user is guest and if not display the div with message like "Session expires" and a link to "site/login".
Alternatively, To redirect to login page when clicks on any link, define the access-control in a controller behaviors function and then you are done.
If user is not logged in then user should have to be redirect on login page, for that i found function which is working fine for me, i used below function
public function beforeAction($action)
{
if (\Yii::$app->getUser()->isGuest &&
\Yii::$app->getRequest()->url !== Url::to(\Yii::$app->getUser()->loginUrl)
) {
\Yii::$app->getResponse()->redirect(\Yii::$app->getUser()->loginUrl);
}
return parent::beforeAction($action);
}
This is working fine for me, but for this i need to add function in every controller, what i want to do, i need common function where can i perform this action, So can anyone please tell me what is best way to do this ?
You need to add below code in config/web.php after components part.
'as beforeRequest' => [ //if guest user access site so, redirect to login page.
'class' => 'yii\filters\AccessControl',
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'allow' => true,
'roles' => ['#'],
],
],
],
Actually if user does not have rights Yii redirects him to login page by it self.
You can change loginUrl if you have another one. Or you can implement own redirect if for example you use ajax.
http://www.yiiframework.com/doc-2.0/yii-web-user.html
Here is explanation of Yii security
http://www.yiiframework.com/doc-2.0/guide-security-authorization.html