How to render CSRF input in twig?

野性不改 2021-02-02 06:39

I know there's the usual way to render CSRF token hidden input with form_rest, but is there a way to render just CSRF input itself? I've overridd

5 answers
  • 2021-02-02 06:52

    If you have a formView object, you can render it using the Twig function:

    {{ form_widget(formView._token) }} 
    

    If you haven't, you can render the token directly without using a form object:

    <input type="hidden" name="token" value="{{ csrf_token('some-name') }}">
    

    Works in Symfony 2.x and 3.x

    To validate the token you can use the following code in your controller (Symfony 3.x):

    $submittedToken = $request->request->get('token');
    
    if ($this->isCsrfTokenValid('some-name', $submittedToken)) {
        // ... do something,
    }
    
  • 2021-02-02 06:52

    I needed to render the csrf input inside Twig so that I could use it for Delete operations. Using {{ csrf_token('authenticate') }} as per @YuryPliashkou's answer gives me the incorrect token (one which is only valid for logins!)

    What worked for me was this {{ csrf_token('form') }} which gives me the correct csrf token which I would then pass to my controller via ajax.

    <span id="csrf_token" data-token="{{ csrf_token('form') }}"></span> 
    // my ajax call
    $.ajax({
        url: 'http://localhost/admin/product/4545',   // 4545->id of the item to be deleted
        type: 'POST',
        data: {
            "_method": "DELETE",
            "form[_token]": $("#csrf_token").data("token")   // passed csrf token here
        },
        success: function(result) {
            // Do something 
       }
    });
    

    Verified it's working on Symfony 3.x.

    Reference

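The token-id mismatch described in the answer above, as an added example (not code from the answer or from Symfony): a simplified plain-PHP model in which every token id has its own session token, so a token issued for `authenticate` is rejected by a handler that validates against `form`. The `$session` array, the `handleDelete` function and the status codes are assumptions made for illustration.

```php
<?php
// Added illustration: a simplified model of per-id CSRF tokens, not Symfony's code.
// $session stands in for the user's server-side session storage.

function csrfToken(array &$session, string $id): string
{
    // One random token per id, created on first use and reused afterwards.
    if (!isset($session['_csrf'][$id])) {
        $session['_csrf'][$id] = bin2hex(random_bytes(32));
    }
    return $session['_csrf'][$id];
}

function isCsrfTokenValid(array $session, string $id, $submitted): bool
{
    $expected = $session['_csrf'][$id] ?? null;
    // Reject unknown ids and non-string input (for example a token sent as an array).
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Hypothetical delete handler: returns the HTTP status it would send.
function handleDelete(array $session, array $post): int
{
    if (($post['_method'] ?? null) !== 'DELETE') {
        return 405;
    }
    $submitted = $post['form']['_token'] ?? null;
    return isCsrfTokenValid($session, 'form', $submitted) ? 204 : 403;
}

// Constructed sample session and requests.
$session = [];
$loginToken = csrfToken($session, 'authenticate');
$formToken  = csrfToken($session, 'form');

$cases = [
    'token for id "form"'         => ['_method' => 'DELETE', 'form' => ['_token' => $formToken]],
    'token for id "authenticate"' => ['_method' => 'DELETE', 'form' => ['_token' => $loginToken]],
    'token sent as an array'      => ['_method' => 'DELETE', 'form' => ['_token' => [$formToken]]],
    'no token at all'             => ['_method' => 'DELETE'],
];
foreach ($cases as $label => $post) {
    printf("%-30s -> HTTP %d\n", $label, handleDelete($session, $post));
}
```

Only the first request passes validation; the id given when the token is rendered has to be the same id the server checks against.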
  • 2021-02-02 07:08

    I didn't find a solution that worked for me. I found and tested value="{{ _token }}", which worked for my Symfony 3, as in this example:

         <form name="form" method="post" action="{{ path('blog_show', { 'id': blog.id }) }}">
           <input name="_method" value="DELETE" type="hidden">
           <input class="btn btn-danger" value="Delete" type="submit">
           <input id="form__token" name="form[_token]" value="{{ _token }}" type="hidden">
        </form>
    

    More about CSRF can be viewed here: Creating forms manually in Symfony2, but still use its CSRF and isValid() functionalily

  • 2021-02-02 07:10

    You can do it with {{ form_widget(formView._token) }}

  • 2021-02-02 07:12

    Or you can simply use this:

    {{ form_row(form._token) }}
    

    This will automatically generate the proper hidden HTML elements, i.e. the proper HTML structure and field names, according to the type of form you're using.
