How to fix a 400 Bad Request in Craft CMS

Either disable CSRF protection for your entire project or disable CSRF protection the specific controller action.

Oscar de la Hera Gomez
Written by Oscar de la Hera Gomez
First published on 12/19/2022 at 19:27
Last Updated on 12/20/2022 at 07:49
A flower that represents Craft CMS. Beneath it sits the text "400 Bad Request."

Either disable CSRF protection for your entire project or disable CSRF protection the specific controller action.

When making calls to actions or API built with Craft CMS, you might encounter a 400 Bad Request with a BadRequestHttpException: Unable to verify your data submission. To fix this do one of the following:

Set the enableCsrfValidation to false for the specific controller action

A screenshot showing how to set CSRF validation to false for a specific controller action in Craft CMS. The sample code that is highlighted in this screenshot can be found below.

Open the controller action that requires CSRF protection and in the beforeAction function, disable the CSRF validation using code similar to the one below.

This is recommended as it removes protection only in places where its needed. Enhancing the overall level of protection.

Disable CSRF Protection for the entire project

A screenshot of the general.php, with the CSRF Protection removed for the entire Craft CMS project. Sample code of what we used to do this is found below.

Open your general.php file found in config/general.php and add the following line:

->enableCsrfProtection(false)

This is not the recommended route as. this will disable CSRF protection for your entire Craft CMS, which raises security vulnerabilities.

Any Questions?

We are actively looking for feedback on how to improve this resource. Please send us a note to inquiries@delasign.com with any thoughts or feedback you may have.

SubscribeInquireView All PostsView All ServicesView All Work

Partner with us

We would love to get to know you and see how we can help your organization with its goals and needs.
Let's Talk

Stay Informed

Get occasional updates about our company, research, and product launches.
Subscribe