CODEWITHSUNDEEP
phpsymfonysymfony-formscsrf-protection
Peyman Mohamadpour
Peyman Mohamadpour

Reputation: 17944

Error "The CSRF token is invalid. Please try to resubmit the form" in Symfony3

Problem

FOS user-bundle forms (login, register, ...) are working just fine, but not my own forms, giving me:

The CSRF token is invalid. Please try to resubmit the form

While I am trying to create a resource under:

http://www.project.local/app_dev.php/developer/new

or even:

http://www.project.local/developer/new

Environment

app/config/config.yml

framework:
    secret:          "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    #serializer:     { enable_annotations: true }
    templating:
        engines: ['twig']
    trusted_hosts:   ~
    trusted_proxies: ~
    session:
        handler_id:  session.handler.native_file
        save_path:   "%kernel.root_dir%/../var/sessions/%kernel.environment%"

    fragments:       ~
    http_method_override: true

# Twig Configuration
twig:
    debug:            "%kernel.debug%"
    strict_variables: "%kernel.debug%"
    form_themes:
        - 'form/form_div_layout.html.twig'

app/config/security.yml

security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager

DeveloperController

public function newAction(Request $request)
{
    $developer = new Developer();
    $form = $this->createForm(DeveloperType::class, $developer);
    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()) {
        $em = $this->getDoctrine()->getManager();
        $em->persist($developer);
        $em->flush($developer);

        return $this->redirectToRoute('developer_show', array('id' => $developer->getId()));
    }

    return $this->render('BackendBundle:Developer:new.html.twig', array(
        'developer' => $developer,
        'form' => $form->createView(),
    ));
}

DeveloperType

class DeveloperType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options) {
        $builder->add('user');
    }

    public function configureOptions(OptionsResolver $resolver) {
        $resolver->setDefaults(array(
            'data_class' => Developer::class
        ));
    }

    public function getBlockPrefix() {
        return 'backendbundle_developer';
    }
}

Form - Template

{{ form_start(form) }}
{{ form_widget(form) }}
<button type="submit" name="{{ form.vars.name }}">Create</button>
{{ form_end(form) }}

Form - Generated

The form has always the hidden _token input field present.

<form name="form_name" method="post" class="ui form">
    <input type="hidden" name="form_name[_token]" value="YefVvhSvvNTItjw7ayDFwFi4sdf_6oOvsQjnUu9X7cw">
    <button type="submit" name="form_name">Create</button>
</form>

(form_name equals backendbundle_developer)

What did I do?

  1. Googled for hours and read all similar questions on Stack Overflow including the above

  2. Rechecked the file system permissions

    The httpd process is running under _www user, so:

    sudo chown -R _www var/
sudo chmod -R 775 var/

    Session files are created and updated under var/sessions/ successfully

  3. Changed app/config/config.yml entry

    session:
    handler_id: session.handler.native_file
    save_path: "%kernel.root_dir%/../var/sessions/%kernel.environment%"

    to

    session:
    handler_id: session.handler.native_file
    save_path: ~

with no success at all.

Similar questions

This is not a duplicate of these similar questions:

Upvotes: 0

Views: 3701

Answers (1)

ste
ste

Reputation: 1529

You should change this

<button type="submit" name="form_name">Create</button>

With this

<button type="submit" name="form_name[submit]">Create</button>

Upvotes: 1

Related Questions