
Why do we disable enableCsrfValidation in Yii2 before action?


I upgraded Yii2 yesterday to the newest version; after the upgrade most of my web controllers/actions are giving me

400 bad request Unable to verify your data submission ....

After some googling, the solution is to use Yii::$app->controller->enableCsrfValidation = false; in beforeAction for every action that gives you this error.

I need to understand why I am doing this. Is it safe? Is there another solution? I don't feel this way is the best way to get through this error.


Solution

  • This is a known bug at the moment (see https://github.com/yiisoft/yii2/issues/4497 and others). The CSRF cookie gets generated correctly but the validation is done incorrectly and therefore fails. CSRF stands for Cross Site Request Forgery, an attack method to force clients to execute requests to the server. By using a uniquely generated token for each request, you make it impossible to do such an attack since the attacker does not know and cannot guess this token.

    So yes, removing this option is a slight security risk, though not a very big one (it depends on your application and what you can do with a single request). You might want to wait for the next update; they are already fixing the issue.

    At the current version this is the only bypass to fix the issue, unless you want to dive into the code yourself and fix it before they do it (I would not recommend that).

    Hope that helps.
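To keep the exposure the answer describes as small as possible, here is an added example (not from the question, the answer or the Yii project) that applies the workaround to one named action only, instead of turning CSRF validation off for every action. The controller name and the action name `legacy-post` are assumptions.

```php
<?php
namespace app\controllers;

use Yii;
use yii\web\Controller;

class SiteController extends Controller
{
    // Assumption: only this action is affected by the validation bug.
    // Every other action in the controller keeps CSRF protection.
    private $csrfExemptActions = ['legacy-post'];

    public function beforeAction($action)
    {
        if (in_array($action->id, $this->csrfExemptActions, true)) {
            // Narrow the exemption to this single action and leave a trace in
            // the log so the temporary workaround is not forgotten later.
            $this->enableCsrfValidation = false;
            Yii::warning(
                "CSRF validation disabled for action '{$action->id}' (temporary workaround)",
                __METHOD__
            );
        }

        // parent::beforeAction() performs the actual CSRF check, so the flag
        // must be set before this call and the parent result must be returned.
        return parent::beforeAction($action);
    }

    public function actionLegacyPost()
    {
        // Handle the POST that currently fails validation (hypothetical action body).
        return $this->render('legacy-post');
    }

    public function actionIndex()
    {
        // Unaffected action: the CSRF check still runs for it.
        return $this->render('index');
    }
}
```

Before adding an action to the exempt list, confirm that the form actually sends the token (ActiveForm adds the hidden _csrf field and Html::csrfMetaTags() exposes it for AJAX requests), so that only requests genuinely hit by the bug are exempted.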