13

I am reading tutorial here

https://symfony.com/doc/current/form/csrf_protection.html

how to add csrf token. It says to use 

form_end()

in the template. But this is not working, gives error:

Type error: Too few arguments to function Symfony\Component\Form\FormRenderer::renderBlock(), 0 passed in E:\projektai\php projektai\htdocs\mokomieji\symfony_4_demo\var\cache\dev\twig\bb\bb2248f7be504240fcc2ab43dabf593090ebc4c897ce72b1a979082d62914b47.php on line 48 and at least 2 expected

Here is answer which shows how to fix but it is only when you have form object built:

Symfony Type error: Too few arguments to function FormRenderer::renderBlock()

How to do this without having form object? Here is login from login documentation page:

{% if error %}
    <div>{{ error.messageKey|trans(error.messageData, 'security') }}</div>
{% endif %}

<form action="{{ path('login') }}" method="post">
    <label for="username">Username:</label>
    <input type="text" id="username" name="_username" value="{{ last_username }}" />

    <label for="password">Password:</label>
    <input type="password" id="password" name="_password" />

    <button type="submit">Login</button>

{{  form_end() }}
Improve this question

5 Answers 5

Reset to default
21

You can use the helper twig function csrf_token as described in the doc here, as example:

 <input type="hidden" name="_csrf_token"
        value="{{ csrf_token('authenticate') }}"
    >

More help in this answer.

UPDATE:

Other strategy: pass from controller:

    $tokenProvider = $this->container->get('security.csrf.token_manager');
    $token = $tokenProvider->getToken('example')->getValue();

Hope this help

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This does give error: An exception has been thrown during the rendering of a template ("CSRF tokens can only be generated if a CsrfTokenManagerInterface is injected in FormRenderer::__construct().").
what is "example" stand for in gettoken?
11

You can use {{ form_row(form._token) }} to generate the required CSRF token field to your form render in Symfony 3 (i'm currenlty use this method with Symfony 3.4).

Improve this answer

Comments

4

{{ form_end() }} works only if you have something like this:

{{ form_start(form) }}
{{ form_widget(form) }}
{{ form_end(form) }}

You can create custom token in your controller and then pass it to the view like this:

    $csrf = $this->container->get('security.csrf.token_manager');
    $token = $csrf->refreshToken('yourkey');

And then create hidden input in your twig with token:

<input type="hidden" name="_token" value="{{ token }}">
Improve this answer

Comments

0

To get the right csrf_token you should create the FormView with $form->createView(), then use the token inside it:

<input type="hidden" name="_token" value="{{ form._token.vars.value }}">

All the other solutions rely on generating a static string that does not change, which violates the purpose of the csrf tokens.

Improve this answer

Comments

0

For those who are looking for how to generate CSRF tokens inside your Controller methods:

    public function myMethod (
        CsrfTokenManagerInterface $csrfTokenManager
    ): JsonResponse
    {
        // validate token
        // $csrf_token = new CsrfToken('my_token', 'generated_token_value_here');
        // if(!$csrfTokenManager->isTokenValid($csrf_token)) {
        //     //failed. do something.
        //     return new JsonResponse();
        // }
        
        // generate token
        $token = $csrfTokenManager->getToken('my_token')->getValue();
        
        // refresh token
        // $csrfTokenManager->refreshToken('my_token');
        
        return new JsonResponse([
            "token'" => $token
        ]);
    }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.