CODEWITHSUNDEEP
phpformscsrfsymfony
chieroz
chieroz

Reputation: 63

Forms with Symfony 3

I am struggling with forms in Symfony 3.

The setup is pretty simple.

A. controller in /src/AppBundle/Controller/Admin/MovieAdminController.php

namespace AppBundle\Controller\Admin;

use AppBundle\Form\MovieFormType;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

/**
 * @Route("/admin")
 */
class MovieAdminController extends Controller
{
    [...]

    /**
     * @Route("/movie/new", name="admin_movie_new")
     */
    public function newAction(Request $request)
    {
        $form = $this->createForm(MovieFormType::class);

        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            dump($form->getData());
        }

        return $this->render('admin/movie/new.html.twig', [
            'movieForm' => $form->createView()
        ]);
    }
}

B. formtype in /src/AppBundle/Form/MovieFormType.php

namespace AppBundle\Form;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;

class MovieFormType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder
            ->add('title')
            ->add('genre')
            ->add('budget');
    }

    public function configureOptions(OptionsResolver $resolver)
    {

    }

}

C. twig template:

[...]
{{ form_start(movieForm) }}
{{ form_widget(movieForm) }}

<button type="submit" class="btn btn-primary">Save</button>

{{ form_end(movieForm) }}
[...]

When I submit the form I keep getting the dreadful message "The CSRF token is invalid. Please try to resubmit the form."

The form does have the hidden field with the token, but it seems to me that the submitted value is different from the value in session.

in the profiler I see:

POST Parameters

movie_form  [ title => blabla, genre => blabla, budget => 123, _token => e-zvG9Gk0qBJzTE4exIK3K5katq9-_AFEAWyTptx7rg ]

SESSION Parameters

_csrf/movie_form    QxbBQISsIwQLUlwWwAPa_l2xZbB5zqdHOwaOxrNAHtg

thank you for your help

Upvotes: 1

Views: 198

Answers (2)

chieroz
chieroz

Reputation: 63

I was able to solve my problem.

All was due to Symfony session handling. I am working with a Vagrant VM (Debian Jessie) and the standard setting in app/config/config.yml does not work (see this issue on Github).

It's only one little change: search the line

handler_id:  session.handler.native_file

and change it to

handler_id:  ~

And everything started working 100%.

Upvotes: 1

Ricardo
Ricardo

Reputation: 2497

You must put ad the end of your view but before {{ form_end(movieForm) }} {{form_rest(movieForm)}}. your code will look like

{{ form_start(movieForm) }}
{{ form_widget(movieForm) }}
{{form_rest(movieForm)}}
<button type="submit" class="btn btn-primary">Save</button>

{{ form_end(movieForm) }}

Upvotes: 0

Related Questions