Search code examples
phpsymfonysessioncsrf

CSRF token is invalid after changing Host

we had a Symfony2 project and for some reason we've changed the Host, after changing to a host with Plesk Panel, we are facing with The CSRF token is invalid. Please try to resubmit the form., I tried to figure out why? then provide a simple Twig form with following codes : 

<!doctype html>
<html>
<head>
    {# ... #}

    <link rel="stylesheet"
          href="{{ asset('assets/vendor/bootstrap/dist/css/bootstrap.min.css') }}">
</head>
<body>

<div class="container">
    <h2>ADD Item to Crawling List</h2>
    {{ form_start(form) }}
    {{ form_widget(form) }}
    {{ form_end(form) }}
</div>
</body>
</html>

and it rendered correctly 

<!doctype html>
<html>
<head>

    <link rel="stylesheet"
          href="/assets/vendor/bootstrap/dist/css/bootstrap.min.css">
</head>
<body>

<div class="container">
    <h2>ADD Item to Crawling List</h2>
    <form name="form" method="post">
    <div id="form"><div><label for="form_post_id" class="required">Instagram Post Id</label><input type="text" id="form_post_id" name="form[post_id]" required="required" /></div><div><button type="submit" id="form_save" name="form[save]">Fetch Comments</button></div><input type="hidden" id="form__token" name="form[_token]" value="j9YWKseFdkU4Z_Yc5nuwm72SKD4dT06gJpARLqPID6I" /><button type="submit" id="form_save" name="form[save]">Fetch Comments</button></div>    
    </form>
</div>
</body>
</html>

Also tried to add {{ form_rest(form) }} but Not any achievement and the result is the same.

Another note is we didn't override session config handler in config.yml` and it's

framework:
    #esi:             ~
    #translator:      { fallbacks: ["%locale%"] }
    secret:          "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    #serializer:      { enable_annotations: true }
    templating:
        engines: ['twig']
    default_locale:  "%locale%"
    trusted_hosts:   ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id:  ~

any solution or idea help us to resolve this issue will be appreciated.

Solution

  • You should add:

    {{ form_rest(form) }}

    Just before the form_end, this adds the CSRF token in a hidden input in your form.