Getting bad request (#400) on Ajax calls using Yii 2

bad request (#400): unable to verify your data submission.
yii2 ajax bad request (#400)
yii ajax call controller action
yii csrf token
yii_csrf_token
how to validate csrf token
yii2 get cookie value

This is my code:

$(document).on('change', '#tblhotel-int_zone_id', function(e){
    var zoneId = $(this).val();
    var form_data = {
        zone: zoneId
    };
    $.ajax({
        url: "state",
        type: "POST",
        data: form_data,
        success: function(response)
        {
            alert(response);
        }
    });
});

This shows:

Bad Request (#400): Unable to verify your data submission.

And I already have <?= Html::csrfMetaTags() ?>. How can I fix this problem?


Note: See the answer from Skullcrasher to fix the issue in the correct way as my answer suggests disabling the Cross-Site Request Forgery.


You have a problem with enableCsrfValidation. To read more about it you can read here.

To disable CSRF, add this code to your controller:

public function beforeAction($action) {
    $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

This will disable for all actions. You should probably, depending on the $action, disable it only for specific actions.

Yii2 ajax bad request (#400), I am using the following code to make an ajax request to a controller: var data contentType: "application/json", dataType: "json", error: function the ajax code, Yii consistently returns a 400 Bad Request error. I've tried sending the data as regular post data instead of JSON, but still getting the same error. July 1, 2014 July 2, 2014 Kartik Requests, Yii 2 Are you facing problems with a HTTP 400 bad request for AJAX and POST requests in Yii Framework 2.0? Some examples reported by users as of June 2014, are in extensions that use AJAX processing:


As the answer from Mihai P. states, your problem is CSRF validation. It is also true that you could disable the validation for your actions, but this is not considered a good solution.

As you have a problem in your Ajax request with the validation, you could also use a Yii JavaScript function to add the CSRF token to your formdata that you send in the Ajax request.

Just try to add the token to your form data as follows:

var form_data = {
    zone: zoneId,
    _csrf: yii.getCsrfToken()
};

I hope this helps and you therefore don't have to disable CSRF validation.

In addition to manually add the CSRF token you can check if there is an X-CSRF header set in the request.

Ajax bad request 400 - General Discussions, Updated my advanced app to latest Yii using Composer some 12 hours ago (​previous Bad Request (#400) - Unable to verify your data submission #4497 /forum/index.php/topic/56405-yii-2-cookies-get-not-working/ seems to be similar issue. Reinstall project but ajax-requests still returns 400 error  Yii2 - Getting bad request (#400) on ajax calls Yii2 - Getting bad request (#400) on ajax calls Include _csrf parameter with correct value in Ajax/Post calls.


Add this code at the bottom of your layout:

<script>
    $.ajaxSetup({
        data: <?= \yii\helpers\Json::encode([
            \yii::$app->request->csrfParam => \yii::$app->request->csrfToken,
        ]) ?>
    });
</script>

Bad Request (#400), Hello Kartik,. Can you help me with this 400 error? I am trying to get work your DetailView with DateControl but with no success. Ajax call for  I'm building a custom post type plugin using a class. I've got a form on a page which makes an AJAX call, and this returns a 400 Bad Request and a 0 response. I've tried making the call independently of the page using Postman. Still the same response. In constructor:


Use:

var csrfToken = $('meta[name="csrf-token"]').attr("content");
$.ajax({
    url: 'request',
    type: 'post',
    dataType: 'json',
    data: {param1: param1, _csrf : csrfToken},
});

More detail: Yii2: Using csrf token

HTTP bad request (#400) in Yii2 ajax calls, Yii2 - Getting bad request (#400) on ajax calls. Question SEE THE ANSWER FROM Skullcrasher TO DO THIS IN A MORE PROPER WAY. You have a  HTTP bad request (#400) in Yii2 ajax calls July 1, 2014 July 2, 2014 Kartik 1 Comment Are you facing problems with a HTTP 400 bad request for AJAX and POST requests in Yii Framework 2.0?


You need to disable CSRF validation in the before action function:

public function beforeAction($action) {
    if($action->id == "action name need to disable")
        $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

Or using the GET method.

Yii2 - Getting bad request (#400) on ajax calls, bad request (#400): unable to verify your data submission. yii2 ajax bad request (#400) yii ajax call controller action yii csrf token yii_csrf_token how to validate csrf  your - Yii2 How to properly create checkbox column in gridview for bulk actions? yii2 security (7) I need to create "bulk actions" similar to wordpress posts management, so you can for example delete multiple records at a time.


Getting bad request (#400) on Ajax calls using Yii 2, Yii2 запрос по ajax и ошибка валидации csrf токена Bad Request (#400) <?​php use yii\helpers\Html; use yii\helpers\Url; use yii\widgets\ActiveForm; ?> '​success' : function(data){ //что-то делаем с результатом }, 'error' : function(​request,  What Is a 400 Bad Request Error? A 400 Bad Request error happens when a server cannot understand a request that’s been made of it. It’s called a 400 error because that’s the HTTP status code that the web server uses to describe that kind of error. A 400 Bad Request error can happen because there’s a simple error in the request.


Yii2 ajax и ошибка Bad Request (#400), Note that we used the js: prefix, which is required when you want to use JavaScript instead Thereare two ways through which we can limitits usage to AJAXonly. use thegetQuote action directly will get an HTTP error: 400 Bad Request. do this as follows: function actionGetQuote() { if(!Yii::app()>request>​isAjaxRequest)  I am suddenly getting the "Unable to verify your data submission" on a $.ajax() call that was working fine. I haven't changed the config or the $.ajax() call. I just ran a "composer update", and I cleared the cookies in my browser. If I set enableCsrfValidation to FALSE it works fine. I'm just getting my feet wet with Yii2 and composer.


Yii 1.1 Application Development Cookbook, This is required when you want to use nstead of a string, as in the example we just saw. There are two ways that we can limit its usage to AJAX-only. class QuoteController extends Controller I function filters() I return array( 'ajaxOnly + who tries to use the getQuote action directly will get a 400 Bad Request HTTP error. But if I use uWSGI and NGINX, I get the "Bad Request (400)"-page, again. Initially I had some import-errors and I had to add some paths to sys.path. But now I get no errors from python, NGINX or uWSGI and still end up with the 400-Error-page.