Home » Php » php – Yii2 Invalid Configuration, cookieValidationKey must be configured with a secret key error when accessing the API

php – Yii2 Invalid Configuration, cookieValidationKey must be configured with a secret key error when accessing the API

Posted by: admin February 25, 2020 Leave a comment

Questions:

I am encountering an error whenever I am trying to access my self written API.

{
“name”: “Invalid Configuration”,
“message”: “yii\web\Request::cookieValidationKey must be configured with a secret key.”,
“code”: 0,
“type”: “yii\base\InvalidConfigException”,
“file”: “F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\web\Request.php”,
“line”: 1669,
“stack-trace”: [
“#0 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\web\Request.php(1651): yii\web\Request->loadCookies()”,
“#1 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\web\Request.php(1739): yii\web\Request->getCookies()”,
“#2 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\web\Request.php(1721): yii\web\Request->loadCsrfToken()”,
“#3 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\web\User.php(279): yii\web\Request->getCsrfToken(true)”,
“#4 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\web\User.php(261): yii\web\User->regenerateCsrfToken()”,
“#5 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\web\User.php(299): yii\web\User->login(Object(common\models\User))”,
“#6 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\filters\auth\HttpHeaderAuth.php(62): yii\web\User->loginByAccessToken(‘aa9d0c9e05a7f35…’, ‘yii\\filters\\aut…’)”,
“#7 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\filters\auth\AuthMethod.php(59): yii\filters\auth\HttpHeaderAuth->authenticate(Object(yii\web\User), Object(yii\web\Request), Object(yii\web\Response))”,
“#8 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\base\ActionFilter.php(77): yii\filters\auth\AuthMethod->beforeAction(Object(yii\base\InlineAction))”,
“#9 [internal function]: yii\base\ActionFilter->beforeFilter(Object(yii\base\ActionEvent))”,
“#10 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\base\Component.php(627): call_user_func(Array, Object(yii\base\ActionEvent))”,
“#11 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\base\Controller.php(276): yii\base\Component->trigger(‘beforeAction’, Object(yii\base\ActionEvent))”,
“#12 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\web\Controller.php(185): yii\base\Controller->beforeAction(Object(yii\base\InlineAction))”,
“#13 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\base\Controller.php(155): yii\web\Controller->beforeAction(Object(yii\base\InlineAction))”,
“#14 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\base\Module.php(528): yii\base\Controller->runAction(‘refdatajson’, Array)”,
“#15 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\web\Application.php(103): yii\base\Module->runAction(‘v1/survey/refda…’, Array)”,
“#16 F:\xampp\htdocs\inventory-web\vendor\yiisoft\yii2\base\Application.php(386): yii\web\Application->handleRequest(Object(yii\web\Request))”,
“#17 F:\xampp\htdocs\inventory-web\api\web\index.php(35): yii\base\Application->run()”,
“#18 {main}”
] }

I have looked at this problem in detail and tried this solution in my config/main.php

$params = array_merge(
    require(__DIR__ . '/../../common/config/params.php'),
    require(__DIR__ . '/../../common/config/params-local.php'),
    require(__DIR__ . '/params.php'),
    require(__DIR__ . '/params-local.php'),
    require(__DIR__ .'/main-local.php')
);
'components' => [
        'request' => [

            'enableCookieValidation' => false,
            'enableCsrfValidation' => false,

        ],    


'request' => [

'enableCookieValidation' => false,// also set it to true

'enableCsrfValidation' => false, // also set it to true
],

In /config/main-local.php I have following

'components' => [
    'request' => [
        // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
        'cookieValidationKey' => 'someRandomKey', 

    ],
],

It’s not working for me. Any help would be highly appreciated.

How to&Answers:

Remove the request component from the common/config/main-local.php and just keep it into the frontend/config/main-local.php.

Then add the following in your api/config/main.php under components to turn off cookie validation for the API.

 'components' => [
        'request' => [
            'enableCookieValidation' => false,
            'enableCsrfValidation' => false,
        ],