Following is my AppController.php
public function initialize()
{
parent::initialize();
$this->loadComponent('Csrf');
$this->loadComponent('RequestHandler', [
'enableBeforeRedirect' => false,
]);
$this->loadComponent('Auth', [
'unauthorizedRedirect' => [
'controller' => 'Users',
'action' => 'login'
],
'storage' => 'Session'
]);
$this->loadComponent('Flash');
/*
* Enable the following component for recommended CakePHP security settings.
* see https://book.cakephp.org/3/en/controllers/components/security.html
*/
//$this->loadComponent('Security');
}
and my Application.php
public function middleware($middlewareQueue)
{
$options = ['httpOnly' => true];
$csrf = new CsrfProtectionMiddleware($options);
$middlewareQueue
->add(new ErrorHandlerMiddleware(null, Configure::read('Error')))
->add(new AssetMiddleware([
'cacheTime' => Configure::read('Asset.cacheTime'),
]))
->add(new RoutingMiddleware($this))
->add($csrf);
return $middlewareQueue;
}
and the following is my view.
<form action="<?= Router::url(['controller' => 'Users', 'action' => 'registration']) ?>" method="POST">
<input type="hidden" name="_csrfToken" value="<?= $this->request->getParam('_csrfToken'); ?>" />
</form>
Still, when i submit the form it says
Try to make your form with CakePHP Form Helper
<?= $this->Form->create($users, ['url' => ['controller' => 'Users', 'action' => 'registration']]) ?>
....
<?= $this->Form->end() ?>