Symfony Form, CSRF token missing

Question

Like in the topic, i have problem with CSRF token missing. This is my form:

$builder
            ->add('email', 'email', array(
                'label' => 'Adres e-mail'
            ))
            ->add('userFirstname', 'text', array(
                'label' => 'Imię',
                'required' => false
            ))
            ->add('userLastname', 'text', array(
                'label' => 'Nazwisko',
                'required' => false
            ))
            ->add('userBusiness', 'entity', array(
                'label' => 'Firma',
                'required' => false,
                'class' => 'Cloud\CrmBundle\Entity\RelationContact',
                'query_builder' => function(EntityRepository $er) {
                    return $er->createQueryBuilder('u')->where("u.type = 'b'");
                },
                'empty_value' => true
            ))
            ->add('old_password', 'password', array(
                'label' => 'Stare hasło',
                'mapped' => false,
                'required' => false
            ))
            ->add('new_password', 'repeated', array(                
                'first_options' => array(
                    'label' => 'Nowe hasło'),
                'second_options' => array(
                    'label' => 'Powtórz nowe hasło'),
                'mapped' => false,
                'required' => false,
                'type' => 'password'
            ));

My view:

<div class="form-horizontal">
            {{ form_row(form.email) }}
            {{ form_row(form.userFirstname) }}
            {{ form_row(form.userLastname) }}
            {{ form_row(form.userBusiness) }}
        {{ form_row(form.old_password) }}
        {{ form_row(form.new_password) }}
        </div>
</div>

What's wrong guys? Any ideas? :( I just don't understand this strange error... What could cause that ?

Quite simple, you need to call `{{ form_rest(form)` OR `{{ form_widget(form._token) }}` — Jovan Perovic, Nov 19 '13 at 11:22
... or set form parameter `csrf_protection` to `FALSE` in order to disable CSRF check altogether.... — Jovan Perovic, Nov 19 '13 at 11:23

score 2 · Accepted Answer · edited Nov 19 '13 at 12:38

2

Probably you've to add this _token by hand because you're trying to display form manually:

{{ form_widget(form._token) }}

edited Nov 19 '13 at 12:38

Jovan Perovic

19,846
5
44
85

answered Nov 19 '13 at 11:23

Alexander Vasilenko

706
1
11
24

score 0 · Answer 2 · edited May 23 '17 at 12:31

0

Symfony2 set a hidden field with the required informations. For this you have to include the hidden fields with:

{{ form_widget(form._token) }}

if you don't want the CSRF-Protection then you can disable the dunction in your parameters file.

Disable symfony 2 csrf token protection on ajax submit

edited May 23 '17 at 12:31

Community

1
1

answered Nov 19 '13 at 11:25

René Höhle

26,716
22
73
82

score 0 · Answer 3 · answered Jun 02 '18 at 11:27

If you use form_start and form_end symfony will add the token field to the form automatically

<div class="form-horizontal">
    {{ form_start(form) }}
        {{ form_row(form.email) }}
        {{ form_row(form.userFirstname) }}
        {{ form_row(form.userLastname) }}
        {{ form_row(form.userBusiness) }}
        {{ form_row(form.old_password) }}
        {{ form_row(form.new_password) }}
    {{ form_end(form) }}
</div>

Symfony Form, CSRF token missing

3 Answers3