we had a Symfony2 project and for some reason we've changed the Host, after changing to a host with Plesk Panel, we are facing with The CSRF token is invalid. Please try to resubmit the form.
, I tried to figure out why? then provide a simple Twig form with following codes :
<!doctype html>
<html>
<head>
{# ... #}
<link rel="stylesheet"
href="{{ asset('assets/vendor/bootstrap/dist/css/bootstrap.min.css') }}">
</head>
<body>
<div class="container">
<h2>ADD Item to Crawling List</h2>
{{ form_start(form) }}
{{ form_widget(form) }}
{{ form_end(form) }}
</div>
</body>
</html>
and it rendered correctly
<!doctype html>
<html>
<head>
<link rel="stylesheet"
href="/assets/vendor/bootstrap/dist/css/bootstrap.min.css">
</head>
<body>
<div class="container">
<h2>ADD Item to Crawling List</h2>
<form name="form" method="post">
<div id="form"><div><label for="form_post_id" class="required">Instagram Post Id</label><input type="text" id="form_post_id" name="form[post_id]" required="required" /></div><div><button type="submit" id="form_save" name="form[save]">Fetch Comments</button></div><input type="hidden" id="form__token" name="form[_token]" value="j9YWKseFdkU4Z_Yc5nuwm72SKD4dT06gJpARLqPID6I" /><button type="submit" id="form_save" name="form[save]">Fetch Comments</button></div>
</form>
</div>
</body>
</html>
Also tried to add {{ form_rest(form) }}
but Not any achievement and the result is the same.
Another note is we didn't override session config handler in config
.yml` and it's
framework:
#esi: ~
#translator: { fallbacks: ["%locale%"] }
secret: "%secret%"
router:
resource: "%kernel.root_dir%/config/routing.yml"
strict_requirements: ~
form: ~
csrf_protection: ~
validation: { enable_annotations: true }
#serializer: { enable_annotations: true }
templating:
engines: ['twig']
default_locale: "%locale%"
trusted_hosts: ~
trusted_proxies: ~
session:
# handler_id set to null will use default session handler from php.ini
handler_id: ~
any solution or idea help us to resolve this issue will be appreciated.
You should add:
{{ form_rest(form) }}
Just before the form_end, this adds the CSRF token in a hidden input in your form.