2

Some of my users experience a CSRF error in my web-application. They tell me that they don't know what to do about it.

In order to have a better user experience I would like to translate the message. Can someone tell me how I can do this?

Also, how do I actually replicate the CSRF error in my dev environment?

I am using both Symfony 2.8 and 3.0.

xfscrypt
  • 16
  • 5
  • 28
  • 59

3 Answers3

3

Remember to add your translation in a validator validator.<lang>.<type> files (not in a message: messages) as example:

validator.en.yml

<trans-unit id="1">
    <source>The CSRF token is invalid. Please try to resubmit the form.</source>
    <target>The CSRF token is invalid. Please try to resubmit the form.</target>
</trans-unit>

EDIT - refresh cache after every change of the translation files

EDIT - test/replicate the behaviour:

You can use a tool like firebug for edit and change the _token form hidden element and submit the form OR temporally remove the field from your form.

Hope this help

Matteo
  • 37,680
  • 11
  • 100
  • 115
  • thanks alot! do you know how I can replicate it in the dev-environement? (so I can test if the translation is working?) – xfscrypt Jan 18 '16 at 07:32
  • Hi @apfz you are welcome! you can use a tool like firebug for edit and change the _token form hidden element and submit the form OR temporally remove the field from your form. Let me know your best approach. – Matteo Jan 18 '16 at 07:34
  • Ok. thanks to your instructions I am able to replicate it. However, it appears to be a security.. file instead of a validator file that creates the message. I'm not sure where to override this file. I have tried: app/Resources/Symfony/Component/Security/Core/Resources/translations/security.en.xlf, app/Resources/translations/security.en.xlf and app/Resources/Symfony/Component/Security/Resources/translations/security.en.xlf – xfscrypt Jan 18 '16 at 07:50
  • Hi @apfz of course, the files you mention are about security ie user login (yes, you need to translate this key also if you need to change the message). don't worry about the place of your files of translation (any valid path is ok) remember to clear the cache every time you change the value. Hope this help – Matteo Jan 18 '16 at 07:55
  • cache was indeed the problem. problem solved! perhaps you want to add your suggestion on how to replicate the CSRF message to your answer. – xfscrypt Jan 18 '16 at 08:54
  • Not working for me. I still get the original message. translator itself works fine and any other error messages are translated except this one. Not a cache problem as well. – user4271704 Oct 17 '19 at 12:28
1

You can replace message to added following line in your translation file 

    <trans-unit id="1">
        <source>The CSRF token is invalid. Please try to resubmit the form.</source>
        <target>The CSRF token is invalid. Please try to resubmit the form.</target>
    </trans-unit>

In target tag you can change your custom message. Let me know if any kind of query regarding this

Ashok Chitroda
  • 361
  • 2
  • 11
  • Not working for me. I still get the original message. translator itself works fine and any other error messages are translated except this one. Not a cache problem as well. – user4271704 Oct 17 '19 at 12:27
1

If you want to translate for specific form, pass translated value in form options array - csrf_message. (At least on 3.4 symfony). Like in controller when you create

$options['csrf_message'] = 'Translated value'
$this->createForm(CheckoutType::class, $data, $options);

One of replication options is to modify find that $_POST array in front controller. Like in app.php

$_POST['checkout']['_token'] = '1';
Darius.V
  • 737
  • 1
  • 13
  • 29