From 93d5f5a3ec1b71b1ff6130f071d7d1f4927155e0 Mon Sep 17 00:00:00 2001
From: Qiang Xue
Date: Sun, 22 Sep 2013 13:01:27 -0400
Subject: [PATCH] Fixes #897.
---
 framework/yii/base/ErrorHandler.php | 2 ++
 framework/yii/web/Request.php | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/framework/yii/base/ErrorHandler.php b/framework/yii/base/ErrorHandler.php
index 41fa7f9..40f5c37 100644
--- a/framework/yii/base/ErrorHandler.php
+++ b/framework/yii/base/ErrorHandler.php
@@ -93,6 +93,8 @@ class ErrorHandler extends Component
 $response->getHeaders()->removeAll();
 if ($useErrorView && $this->errorAction !== null) {
+ // disable CSRF validation so that errorAction can run in case the error is caused by CSRF validation failure
+ Yii::$app->getRequest()->enableCsrfValidation = false;
 $result = Yii::$app->runAction($this->errorAction);
 if ($result instanceof Response) {
 $response = $result;
diff --git a/framework/yii/web/Request.php b/framework/yii/web/Request.php
index c76fd4e..4fb6257 100644
--- a/framework/yii/web/Request.php
+++ b/framework/yii/web/Request.php
@@ -1001,7 +1001,8 @@ class Request extends \yii\base\Request
 */
 public function getCsrfTokenFromHeader()
 {
- return isset($_SERVER[self::CSRF_HEADER]) ? $_SERVER[self::CSRF_HEADER] : null;
+ $key = 'HTTP_' . str_replace('-', '_', strtoupper(self::CSRF_HEADER));
+ return isset($_SERVER[$key]) ? $_SERVER[$key] : null;
 }
 /**
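Review bot: The added `enableCsrfValidation = false` in ErrorHandler.php takes effect for every error that reaches this branch, not only a CSRF validation failure, and nothing puts the flag back after `runAction()` returns. Because it is written to the shared request component, any code that runs later in the same request sees validation switched off. Consider remembering the previous value with `$request = Yii::$app->getRequest(); $csrf = $request->enableCsrfValidation;` before the call and restoring it with `$request->enableCsrfValidation = $csrf;` once the error action has run. The enclosing method starts and ends outside the hunk, so whether later code relies on the flag cannot be confirmed from here.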
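Review bot: The new `$key` computation in `getCsrfTokenFromHeader()` silently changes what `CSRF_HEADER` must contain: it now has to be the header name as sent on the wire, not a `$_SERVER` key. The diffstat shows only these three lines changed in Request.php, so the constant is not touched by this commit; if it, or an application's override, still holds an `HTTP_`-prefixed value, the lookup would become `HTTP_HTTP_...` and the header token would never be found. A one-line comment above the assignment would make the contract explicit, for example `// $_SERVER exposes request headers as HTTP_<NAME>, upper-cased with '-' replaced by '_'; CSRF_HEADER holds the raw header name`. The docblock for this method begins outside the hunk and should say the same.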