php - CraftCMS cookieValidationKey 必须配置秘钥

Question

我正在使用 CraftCMS，但出现此错误:

Invalid Configuration – yii\base\InvalidConfigException
craft\web\Request::cookieValidationKey must be configured with a secret key.

较长的错误是:

1. in /code/vendor/yiisoft/yii2/web/Request.phpat line 1678
1669167016711672167316741675167616771678167916801681168216831684168516861687     * Converts `$_COOKIE` into an array of [[Cookie]].
     * @return array the cookies obtained from request
     * @throws InvalidConfigException if [[cookieValidationKey]] is not set when [[enableCookieValidation]] is true
     */
    protected function loadCookies()
    {
        $cookies = [];
        if ($this->enableCookieValidation) {
            if ($this->cookieValidationKey == '') {
                throw new InvalidConfigException(get_class($this) . '::cookieValidationKey must be configured with a secret key.');
            }
            foreach ($_COOKIE as $name => $value) {
                if (!is_string($value)) {
                    continue;
                }
                $data = Yii::$app->getSecurity()->validateData($value, $this->cookieValidationKey);
                if ($data === false) {
                    continue;
                }

我的 .env 文件是这样的:

# The environment Craft is currently running in ("dev", "staging", "production", etc.)
ENVIRONMENT="dev"

# The application ID used to to uniquely store session and cache data, mutex locks, and more
APP_ID="CraftCMS"

# The secure key Craft will use for hashing and encrypting data
SECURITY_KEY="xxxxxxxx"

# The database driver that will be used ("mysql" or "pgsql")
DB_DRIVER="mysql"

# The database server name or IP address
DB_SERVER="mariadb"

# The port to connect to the database with
DB_PORT="3306"

# The name of the database to select
DB_DATABASE="dev_craftcms"

# The database username to connect with
DB_USER="root"

# The database password to connect with
DB_PASSWORD="abc123"

# The database schema that will be used (PostgreSQL only)
DB_SCHEMA=""

# The prefix that should be added to generated table names (only necessary if multiple things are sharing the same database)
DB_TABLE_PREFIX=""

DEFAULT_SITE_URL="http://www.amira.local/"

我错过了什么吗？

Answer 1

您的 env 文件只是存储这些 secret 的地方，因此它们不会提交给源代码控制，Craft 不会自动直接从那里提取值。在此安全 key 在 Craft 的通用配置文件 config/general.php 中设置，应设置为:

    // The secure key Craft will use for hashing and encrypting data
    'securityKey' => getenv('SECURITY_KEY'),

我怀疑它没有在通用配置中设置，所以你得到一个错误。顺便说一句 xxxxxxxxx 不是很安全，我建议在那里使用强密码。