4

I am using CraftCMS, and I am getting this error:

Invalid Configuration – yii\base\InvalidConfigException
craft\web\Request::cookieValidationKey must be configured with a secret key.

The longer error is:

1. in /code/vendor/yiisoft/yii2/web/Request.phpat line 1678
1669167016711672167316741675167616771678167916801681168216831684168516861687     * Converts `$_COOKIE` into an array of [[Cookie]].
     * @return array the cookies obtained from request
     * @throws InvalidConfigException if [[cookieValidationKey]] is not set when [[enableCookieValidation]] is true
     */
    protected function loadCookies()
    {
        $cookies = [];
        if ($this->enableCookieValidation) {
            if ($this->cookieValidationKey == '') {
                throw new InvalidConfigException(get_class($this) . '::cookieValidationKey must be configured with a secret key.');
            }
            foreach ($_COOKIE as $name => $value) {
                if (!is_string($value)) {
                    continue;
                }
                $data = Yii::$app->getSecurity()->validateData($value, $this->cookieValidationKey);
                if ($data === false) {
                    continue;
                }

My .env file is such:

# The environment Craft is currently running in ("dev", "staging", "production", etc.)
ENVIRONMENT="dev"

# The application ID used to to uniquely store session and cache data, mutex locks, and more
APP_ID="CraftCMS"

# The secure key Craft will use for hashing and encrypting data
SECURITY_KEY="xxxxxxxx"

# The database driver that will be used ("mysql" or "pgsql")
DB_DRIVER="mysql"

# The database server name or IP address
DB_SERVER="mariadb"

# The port to connect to the database with
DB_PORT="3306"

# The name of the database to select
DB_DATABASE="dev_craftcms"

# The database username to connect with
DB_USER="root"

# The database password to connect with
DB_PASSWORD="abc123"

# The database schema that will be used (PostgreSQL only)
DB_SCHEMA=""

# The prefix that should be added to generated table names (only necessary if multiple things are sharing the same database)
DB_TABLE_PREFIX=""

DEFAULT_SITE_URL="http://www.amira.local/"

Am I missing anything?

Devin Dixon
  • 11,553
  • 24
  • 86
  • 167

2 Answers2

3

Your env file is only somewhere to store those secrets so they are not commited to source control, Craft does not automatically pull values from there directly. In this the security key is set in Craft' general config file config/general.php and should be set as:

    // The secure key Craft will use for hashing and encrypting data
    'securityKey' => getenv('SECURITY_KEY'),

I suspect it is not set in the general cofig, so you get an error. As an aside xxxxxxxxx isn't very secure, I'd recommend using a strong password there.

Seth Warburton
  • 2,234
  • 1
  • 16
  • 17
2

You can set your Craft Key by typing this in your terminal path:

php craft setup/security-key
Alexis Dalai Waldo Jiménez
  • 101
  • 1
  • 7