php - Yii2 在隐身模式下无法验证您的数据提交

Question

我使用以下方法将后端和前端分开:

后端配置/main.php

$config = [
    'id' => 'app-backend',
    'basePath' => dirname(__DIR__),
    'controllerNamespace' => 'backend\controllers',
    'bootstrap' => ['log'],
    'modules' => [],
    'components' => [
        'request' => [
            'csrfParam' => '_csrf-backend',
            'cookieValidationKey' => 'sdsdsdsd-e8Fhoa1PdHzzfB2VTON9Nfh',
            'class' => 'common\components\Request',
            'web'=> '/backend/web',
            'adminUrl' => '/cpanel'
        ],
        'urlManager' => [
            'class' => 'yii\web\UrlManager',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
        ],
        'user' => [
            'identityClass' => 'common\models\AdminUser',
            'enableAutoLogin' => true,
            'identityCookie' => ['name' => '_identity-project-backend', /*'httpOnly' => true*/],
        ],
        'session' => [
            // this is the name of the session cookie used for login on the backend
            'name' => 'project-backend',
            'timeout' => 60*60*24*30,
        ],
    ],
    'params' => $params,
];

前端配置/main.php

$config =  [
    'id' => 'app-frontend',
    'basePath' => dirname(__DIR__),
    'bootstrap' => ['log'],
    'controllerNamespace' => 'frontend\controllers',
    'components' => [
        'request' => [
            'csrfParam' => '_csrf-backend',
            'cookieValidationKey' => 'wmWhVSIv-e8Fhoa1PdHzzfB2VTON9Nfh',            
            'class' => 'common\components\Request',
            'web' => '/frontend/web'
        ],
        'urlManager' => [
            'class' => 'yii\web\UrlManager',
            'enablePrettyUrl' => true,
            'showScriptName' => false,
        ],
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
            'identityCookie' => ['name' => '_identity-project-frontend', /*'httpOnly' => true*/],
        ],
        'session' => [
            // this is the name of the session cookie used for login on the frontend
            'name' => 'project-frontend',
            'timeout' => 60*60*24*30,
        ],
        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],        
    ],
    'params' => $params,
    //'defaultRoute' => 'site/index'
];

现在它可以在正常浏览器模式下完美运行。但是当我尝试使用隐身模式登录时，第一次尝试时会出现以下错误:

Unable to verify your data submission

之后，如果我重新加载页面并尝试再次登录，它会正常工作。

我的表单是使用 ActiveForm 生成的，因此 CSRF token 在登录页面中可用。

那么如何解决这个问题呢？

Answer 1

你可以在特定的 Controller / Action 中指定验证 false

包含 Yii 类

use Yii;

在 Action 中

Yii::$app->controller->enableCsrfValidation = false;

或者在 Controller 内部

$this->enableCsrfValidation = false;