
symfony2 CSRF invalid


Okay, so today I updated my database with new information from our 'live' database... And since then I've been having issues on one of my forms. If you need any code let me know and I'll edit this and post the code needed...

I have a report form which has a date range field and a drop down for an agent department. When I first visit the page I see this at the beginning of the form:

The CSRF token is invalid. Please try to resubmit the form

So I go over to one of my other forms that has the same type of information, and check the _token out and this is what comes out:

    <input type="hidden" id="ecs_crmbundle_TimeClockReportType__token" name="ecs_crmbundle_TimeClockReportType[_token]" value="87e358fbc4d6d3e83601216b907a02170f7bcd92" />
    <input type="hidden" id="ecs_crmbundle_SimpleSalesReportType__token" name="ecs_crmbundle_SimpleSalesReportType[_token]" value="87e358fbc4d6d3e83601216b907a02170f7bcd92" />

The first one is the one that shows the error, and the SimpleSalesReport does not... Any idea why this is doing this or how I can fix it?

Thanks..

Justin asked May 04 '12 04:05




2 Answers

Are you by chance using $form->bindRequest() in the action which produces the CSRF error? I had this issue. You should not be binding the request for a new form. If you are posting the form to the same action, wrap the bindRequest in a conditional which checks if method is POST:

    if ($this->getRequest()->getMethod() == 'POST') {
        $form->bindRequest($this->getRequest());
        if ($form->isValid()) {
            ...
        }
    }
dylan oliver answered Oct 09 '22 09:10
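
Why binding on the first GET produces the error, as an added example that is not part of the original answer or Symfony's own code: a toy session-bound token check in plain PHP. ToyCsrfProvider, handleReport, the HMAC token scheme and all values are assumptions made for illustration.

```php
<?php
// Added illustration; ToyCsrfProvider and handleReport are hypothetical names,
// not Symfony classes. Secret, session id and intention are constructed values.
final class ToyCsrfProvider
{
    private $secret;
    private $sessionId;

    public function __construct($secret, $sessionId)
    {
        $this->secret = $secret;
        $this->sessionId = $sessionId;
    }

    // The token depends only on secret, session and intention, so two forms
    // that share an intention render the same hidden _token value.
    public function generate($intention)
    {
        return hash_hmac('sha256', $intention . '|' . $this->sessionId, $this->secret);
    }

    // Constant-time comparison; a missing token (null) is always invalid.
    public function isValid($intention, $token)
    {
        return is_string($token) && hash_equals($this->generate($intention), $token);
    }
}

// Stand-in for a controller action. $bindOnEveryRequest = true reproduces the
// behaviour the answer warns about: validating a form nobody has submitted.
function handleReport(ToyCsrfProvider $csrf, $method, array $post, $bindOnEveryRequest)
{
    $errors = array();
    if ($bindOnEveryRequest || $method === 'POST') {
        $token = isset($post['_token']) ? $post['_token'] : null;
        if (!$csrf->isValid('report_form', $token)) {
            $errors[] = 'The CSRF token is invalid. Please try to resubmit the form';
        }
    }
    return $errors;
}

$csrf  = new ToyCsrfProvider('constructed-secret', 'constructed-session-id');
$token = $csrf->generate('report_form');

var_dump(handleReport($csrf, 'GET', array(), true));   // first visit, bound anyway
var_dump(handleReport($csrf, 'GET', array(), false));  // first visit, bind skipped
var_dump(handleReport($csrf, 'POST', array('_token' => $token), false));   // real submit
var_dump(handleReport($csrf, 'POST', array('_token' => 'forged'), false)); // wrong token
```

The first and last calls return the error. The token rendered into the form is identical in every call, which is why comparing hidden fields between two forms does not reveal the cause.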


There is no problem using {{ form_widget(form) }} to build your custom form. All you have to do is add the _token like this: {{ form_widget(form._token) }}

Marc Juchli answered Oct 09 '22 11:10