We Keep Coding

How do I solve it this error HTTP 400 - Unable to verify your data submission in Yii2?

My Yii 2 application was progressing well until I received an unusual error bout a bad HTTP request.
HTTP 400 Unable to verify your data Submission.
I have looked it up and much of the literature indicates the cause being due to a CSRF issue. However, the CSRF components are all in place within the HTML head section and the hidden field is submitting the correct token.
Additional Info
Yii version = 2.0.12 App Basic
PHP version = 5.6
OS = Ubuntu
I have disabled all the security firmware of the host but I still get the error. Please help the site is in Prod already and I can not find how to solve this many thanks in advance.
web/config/main.php
$config = [
'components' => [
'session' => ['class' => 'yii\web\DbSession'],
'request' => [
'cookieValidationKey' => 'AAOSL2no3kbkJwRA4CNwDuB5g5T5_58t',
],
'cache' => [
'class' => 'yii\caching\FileCache',
],
'user' => [
'identityClass' => 'app\models\User',
'enableAutoLogin' => true,
],
'errorHandler' => ['errorAction' => 'site/error'],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'db' => $db,
'urlManager' => [
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
],
],
],
'params' => $params,
];
if (YII_ENV_DEV) {
$config['bootstrap'][] = 'debug';
$config['modules']['debug'] = [
'class' => 'yii\debug\Module',
//'allowedIPs' => ['127.0.0.1', '::1'],
];
$config['bootstrap'][] = 'gii';
$config['modules']['gii'] = [
'class' => 'yii\gii\Module',
//'allowedIPs' => ['127.0.0.1', '::1'],
];
}
return $config;

As per Change Logs, BugFix and Enhancement related to CSRF cookie.
2.0.13 November 03, 2017 updates include
Bug #14542: Ensured only ASCII characters are in CSRF cookie value since binary data causes issues with ModSecurity and some browsers (samdark)
Enh #14087: Added yii\web\View::registerCsrfMetaTags() method that registers CSRF tags dynamically ensuring that caching doesn't interfere (RobinKamps).
2.0.14 February 18, 2018 updates include
Bug #15317: Regenerate CSRF token if an empty value is given
Enh #15496: (CVE-2018-6009): CSRF token is now regenerated on changing identity (samdark, rhertogh)(sammousa)
So update your framework to the latest version 2.0.14 use composer update via terminal inside your project root, once updated make sure you have the
<?= Html::csrfMetaTags () ?>
inside the <head> tag of the layout file you are using either main.php or any other custom name.
If still persist you can disable it for the specific action inside the beforeAction
public function beforeAction($action)
{
if ($action->id == 'action-name') {
$this->enableCsrfValidation = false;
}
return parent::beforeAction($action);
}
or for a specific controller by adding
public $enableCsrfValidation = false;

Add <?= Html::csrfMetaTags() ?> in your view, or add in layout(main.php)

Yii2 migrations - Separated Migrations

I am creating a module with the following structure:
common
L modules
LL blog
LLL backend
LLL frontend
LLL common
LLL migrations
I found in yii2 documentation a section about "Separated Migrations"
In console/config/main.php I have set:
'migrate-blog' => [
'class' => 'yii\console\controllers\MigrateController',
'migrationNamespaces' => ['app\common\modules\blog\migrations'],
'migrationTable' => 'migration_blog',
'migrationPath' => null,
]
Then I go to console and run following command:
php yii migrate/create app\\common\\modules\\blog\\migrations\\create_table_blog_post
It returns an error:
Error: Namespace 'app\common\modules\blog\migrations' not found in `migrationNamespaces`
am I missing any settings?

Did you add the following info to config of console.php
'controllerMap' => [
// Migrations for the specific project's module
'migrate-module' => [
'class' => 'yii\console\controllers\MigrateController',
'migrationNamespaces' => ['app\module\migrations'],
'migrationTable' => 'migration_module',
'migrationPath' => null,
],
],
I have seen that you have the config in console/config/main.php then the check the yii file is having the following line.
$config = require(__DIR__ . '/console/config/main.php');
After this instead of running
php yii migrate/create app\\common\\modules\\blog\\migrations\\create_table_blog_post
Run the following command
php yii/migrate-blog/create create_table_blog_post
I hope this helps.

http 403 exception not displaying properly

I have implemented a set of rules but when a user attempts to access a restricted area, I am getting a text output instead of a nice boostrap alert. How can I get this working again?
Rule:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['index', 'view'],
'rules' => [
[
'roles' => ['#'],
'actions' => ['index', 'view'],
'allow' => true,
],
],
],
Exception message:
An Error occurred while handling another error:
exception 'yii\web\ForbiddenHttpException' with message 'You are not allowed to perform this action!.' in ###\vendor\yiisoft\yii2\filters\AccessControl.php:151
Stack trace:...

Thanks Bizley for your help. I followed your instructions and discovered that I rather stupidly copied my rules to my site/error page meaning that I accidentally blocked the ability to see the error page!!! I removed the offending rule and all is working.

Getting error while sending an email with yashop-ses in yii2

I used yashop-ses to send an email with amazon, for that i used this extension
https://github.com/ofat/yashop-ses , while using this extension i am getting error like Undefined property: yashop\ses\libs\SimpleEmailServiceRequest::$resource, here is my code
'mail' => [
'class' => 'yashop\ses\Mailer',
'access_key' => '*******',
'secret_key' => '*******',
'host' => 'us-east-1'
],
Yii::$app->mail->compose('contact/html')
->setFrom('test#test.com')
->setTo('test#test.com')
->setSubject('Testing')
->send();
Can anyone please tell me what is wrong in my code ?

Yii::$app->mailer->getSES()->enableVerifyPeer(false); - this code fixed my issue

Try to use
'host' => 'email.us-east-1.amazonaws.com'

Yii 2 - Exception error with message 'Login Required'

An Error occurred while handling another error:
exception 'yii\web\ForbiddenHttpException' with message 'Login
Required' in
C:\wamp\www\k\kometonline\vendor\yiisoft\yii2\web\User.php:431
Am getting this error after installing RBAC in backend admin login page (site.com/backend/web/site/login). Whats the main cause of this problem. I don't know what code to post. Please comment below If you need any code. Thanks in advance.

I encountered the same error while installing RBAC in backend admin login page while following this tutorial:
RBAC Super Simple with Admin and User
You may try doing the changes you made at the frontend login SiteController and see if works. The difference between these two SiteControllers is that the frontend already uses access rules in its behavior method.
From there you can compare the SiteControllers at backend and frontend and see what makes it work. In my case I simply added one line
'only' => ['logout'],
just below
'class' => AccessControl::className(),
and it worked!

While I know the solution worked for the OP and is a few years old, I wanted to post how I solved this for myself, in the hope of offering an alternate solution.
In my case, I specified the following actions
'rules' => [
[
'actions' => ['logout', 'index',],
'allow' => true,
'roles' => ['#'],
],
This specified that the index and logout was protected by a password, The
*"'roles' => ['#']"*
say that only authenticated users can invoke these actions.
Therefore, when my application restarted, it tried to direct to the login action and error presented. I solved this by specifying a rule for non logged in users (a.k.a guests) by specifying the role
*"'roles' => ['?']"*
My behavior method therefore changed to
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['logout', 'index',],
'allow' => true,
'roles' => ['#'],
],
[
'actions' => ['login'],
'allow' => true,
'roles' => ['?'],
],
],
],
];
}