I think I read enough topics for posting this question... and I really want to know why my submission using ajax is invalid (The CSRF token is invalid. Please try to resubmit the form).
This is how I send my form data and the csrf token.
<form name="ReviewForm" ng-init="formData = { url: '{{ path('my_route') }}', token: '{{ csrf_token('review') }}' } ng-submit="sendReview(ReviewForm.$valid)" other parameters... >
In my angular controller :
myAppcontroller('FormManagerCtrl', ['$scope', '$http', function ($scope, $http) {
$scope.formData = {};
$scope.sendReview = function (isValid) {
if (isValid) {
$http.post($scope.formData.url, $.param({
'review[pseudo]': $scope.formData.pseudo,
'review[email]': $scope.formData.email,
'review[title]': $scope.formData.title,
'review[website]': $scope.formData.website,
'review[rate]': $scope.formData.rate,
'review[content]': $scope.formData.content,
'_csrf_token': $scope.formData.token
}), {
headers: {'Content-Type': 'application/x-www-form-urlencoded'}
})
.success(function (data, status, headers, config) {
console.log('ok');
})
.error(function (data, status) {
console.log('ko');
});
}
};
}]);
The name of my form is "review".
// Form type class
public function getName()
{
return 'review';
}
I tried different names (_token etc...), I checked if {{ form_widget(form._token) }} and csrf_token('review') returned the same value but without success.
Thanks in advance for your help.
in symfony2 forms the elements id and name attributes are composed of the getName()+field name, in your case the token will have id="review__token" and name="review[_token]", so, the framework will check that review[_token] is present in the post data. I think you need to change your _csrf_token param for review[_token] just like the others params.