Using Symfony Form component standalone with security-csrf – error on submission

I have a question regarding symfony/form using as a standalone component and security-csrf running with PHP build-in server. I hardly remember having such issue with the Symfony framework.

When setting symfony/form as a standalone component I tried this code for both v4.2 and v5.1 A rewrite of webmozart’s example mentioned here

The csrf token is generated with twig-bridge, but when submitting the form – on calling$form->isValid()invalid csrf error appears.

By default csrf protection is enabled, setting to false – the form submits.

Tried CSRF component with both setups with NativeSessionTokenStorage and SessionTokenStorage + Session of HttpFoundation.

Could you give any hint on what I’m doing wrong and where to look at?

Code samples with csrf error on submission:

The apps above work well, the problem was in browser storage filled with garbage.

Setting to false in $formFactory->createBuilder(FormType::class, null, ['csrf_protection' => false]) submits the form

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *