search

craftcms / cms

Build bespoke content experiences with Craft.
https://craftcms.com
Other
3.22k stars 627 forks source link

[4.x]: yii\web\HttpException:400: Unable to verify your data submission #15735

Closed jonleverrier closed 4 days ago

jonleverrier commented 1 week ago

What happened?

Description

I've started to see a few of these errors in my log file since updating recently.

yii\web\HttpException:400: Unable to verify your data submission.

On a particular installation running 4.11.5 some of my users have reported seeing a Craft error 400 page upon visiting a particular url, or after submitting a form which is posted to a custom controller.

Posting here because I saw there were recent changes to live preview and CsrfValidation (I think).

Stack trace (apologies for the formatting):

Unable to verify your data submission. {"trace":["#0 /home/removed/releases/0bec64af89ec999cee1d453404970c8c80c15d47/craft/vendor/craftcms/cms/src/web/Controller.php(171): yii\\web\\Controller->beforeAction()","#1 /home/removed/releases/0bec64af89ec999cee1d453404970c8c80c15d47/craft/vendor/yiisoft/yii2/base/Controller.php(176): craft\\web\\Controller->beforeAction()","#2 /home/removed/releases/0bec64af89ec999cee1d453404970c8c80c15d47/craft/vendor/yiisoft/yii2/base/Module.php(552): yii\\base\\Controller->runAction()","#3 /home/removed/releases/0bec64af89ec999cee1d453404970c8c80c15d47/craft/vendor/craftcms/cms/src/web/Application.php(340): yii\\base\\Module->runAction()","#4 /home/removed/releases/0bec64af89ec999cee1d453404970c8c80c15d47/craft/vendor/craftcms/cms/src/web/Application.php(639): craft\\web\\Application->runAction()","#5 /home/removed/releases/0bec64af89ec999cee1d453404970c8c80c15d47/craft/vendor/craftcms/cms/src/web/Application.php(302): craft\\web\\Application->_processActionRequest()","#6 /home/removed/releases/0bec64af89ec999cee1d453404970c8c80c15d47/craft/vendor/yiisoft/yii2/base/Application.php(384): craft\\web\\Application->handleRequest()","#7 /home/removed/releases/0bec64af89ec999cee1d453404970c8c80c15d47/public/index.php(12): yii\\base\\Application->run()","#8 {main}"],"memory":2747976,"exception":"[object] (yii\\web\\BadRequestHttpException(code: 0): Unable to verify your data submission. at /home/removed/releases/0bec64af89ec999cee1d453404970c8c80c15d47/craft/vendor/yiisoft/yii2/web/Controller.php:221)"}

Steps to reproduce

1.

Expected behavior

Actual behavior

Craft CMS version

4.11.5

PHP version

8.1

Operating system and version

No response

Database type and version

No response

Image driver and version

No response

Installed plugins and versions

-

brandonkelly commented 4 days ago

Nothing changed in Craft 4 recently that would have affected CSRF validation.

If you haven’t noticed the error affecting control panel usage (or front-end forms, if you have any), most likely these are coming from robot form submissions on cached pages, and CSRF validation is working as intended.