The issue appears only when I open frontend and backend in the same browser.

Scenario:

Interact with Backend -> Switched Tab -> Interact with Frontend -> Switched Tab Back -> Interact with Backend -> Bad Request (#400)
Cookie Backend

```php
'identityCookie' => [
    'name' => '_backendIdentity',
    'path' => '/admin',
    'httpOnly' => true,
],
```

Cookie Frontend

```php
'identityCookie' => [
    'name' => '_frontendIdentity',
    'path' => '/',
    'httpOnly' => true,
],
```

Session Backend

```php
'session' => [
    'name' => 'session_backend',
],
```

Session Frontend

```php
'session' => [
    'name' => 'session_frontend',
],
```
Thanks to @indra shastri
For those who are facing the same issue:

Adding the following resolved my problem.

Backend config/main.php

```php
'request' => [
    'cookieValidationKey' => '[DIFFERENT UNIQUE KEY]',
    'csrfParam' => '_backendCSRF',
],
```

Frontend config/main.php

```php
'request' => [
    'cookieValidationKey' => '[RANDOM KEY HERE]',
    'csrfParam' => '_frontendCSRF',
],
```
The CSRF tokens differ between frontend and backend, so when the browser stores two different CSRF tokens for the same application session, one of the applications will receive Bad Request (#400).
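As an added illustration, not code from the question, the answers or the Yii project, the following PHP script models why the two applications collide: each one signs its CSRF cookie with its own cookieValidationKey (the signing mimics Yii's hash-then-value cookie layout in simplified form), and a browser keeps only one cookie per name and path, so when both apps use the same cookie name the frontend's cookie overwrites the backend's and the backend can no longer validate the token it issued. The key strings, the cookie-jar array and the function names are constructed for this example.

```php
<?php
// Constructed example: simplified model of Yii's signed CSRF cookie and a
// browser cookie jar. Not the framework's own implementation.

// Mimics yii\base\Security::hashData(): HMAC prefix followed by the raw value.
function signCookieValue(string $value, string $validationKey): string
{
    return hash_hmac('sha256', $value, $validationKey) . $value;
}

// Returns the raw value when the HMAC matches this application's key, else null.
function verifyCookieValue(string $signed, string $validationKey): ?string
{
    $hashLength = strlen(hash_hmac('sha256', '', $validationKey)); // 64 hex chars
    if (strlen($signed) <= $hashLength) {
        return null;
    }
    $hash = substr($signed, 0, $hashLength);
    $value = substr($signed, $hashLength);
    return hash_equals(hash_hmac('sha256', $value, $validationKey), $hash) ? $value : null;
}

// $jar models one browser: a cookie with the same name (and path) overwrites the previous one.
function issueCsrfToken(array $app, array &$jar): string
{
    $token = bin2hex(random_bytes(16));
    $jar[$app['csrfParam']] = signCookieValue($token, $app['cookieValidationKey']);
    return $token;
}

// True only when the cookie is signed with this app's key and matches the submitted token.
function validateCsrfToken(array $app, array $jar, string $submittedToken): bool
{
    if (!isset($jar[$app['csrfParam']])) {
        return false;
    }
    $cookieToken = verifyCookieValue($jar[$app['csrfParam']], $app['cookieValidationKey']);
    return $cookieToken !== null && hash_equals($cookieToken, $submittedToken);
}

// The scenario from the question: backend tab, frontend tab, back to the backend form.
function runScenario(array $backend, array $frontend): bool
{
    $jar = [];
    $backendToken = issueCsrfToken($backend, $jar);        // interact with backend
    issueCsrfToken($frontend, $jar);                       // interact with frontend
    return validateCsrfToken($backend, $jar, $backendToken); // submit to backend again
}

// Placeholder keys; each application already has a distinct key in the advanced template.
$sharedCookieName = [
    'backend'  => ['csrfParam' => '_csrf', 'cookieValidationKey' => 'backend-key-placeholder'],
    'frontend' => ['csrfParam' => '_csrf', 'cookieValidationKey' => 'frontend-key-placeholder'],
];
$separateCookieNames = [
    'backend'  => ['csrfParam' => '_backendCSRF', 'cookieValidationKey' => 'backend-key-placeholder'],
    'frontend' => ['csrfParam' => '_frontendCSRF', 'cookieValidationKey' => 'frontend-key-placeholder'],
];

var_dump(runScenario($sharedCookieName['backend'], $sharedCookieName['frontend']));
var_dump(runScenario($separateCookieNames['backend'], $separateCookieNames['frontend']));
```

With the shared cookie name the frontend's signed value replaces the backend's, the HMAC check against the backend key fails, and validation returns false, which is what Yii turns into the Bad Request (#400). With distinct csrfParam values each application reads back its own cookie and validation succeeds. Giving the backend's CSRF cookie the /admin path, as the identity cookie already has, would separate the two as well, but distinct names work regardless of where each application is mounted.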