CSRF 令牌无效。 请尝试重新提交表格
[英]The CSRF token is invalid. Please try to resubmit the form
问题描述
I'm getting this error message every time I try to submit the form:
每次尝试提交表单时,我都会收到此错误消息:
The CSRF token is invalid.
My form code is this:我的表单代码是这样的:
<form novalidate action="{{path('signup_index')}}" method="post" {{form_enctype(form)}} role="form" class="form-horizontal">
<div class="form-group">
{{ form_label(form.email, 'Email', {'label_attr': {'class': 'col-md-1 control-label'}}) }}
{{ form_widget(form.email, {'attr': {'class': 'col-md-2'}}) }}
{{ form_errors(form.email) }}
</div>
<div class="form-group">
{{ form_label(form.nickname, 'Nickname', {'label_attr': {'class': 'col-md-1 control-label'}}) }}
{{ form_widget(form.nickname, {'attr':{'class': 'col-md-2'}}) }}
{{ form_errors(form.nickname, {'attr': {'class': 'col-md-3'}}) }}
</div>
<div class="form-group">
{{ form_label(form.password, 'password', {'label_attr': {'class': 'col-md-1 control-label'}}) }}
{{ form_widget(form.password, {'attr': {'class': 'col-md-2'}}) }}
{{ form_errors(form.password, {'attr': {'class': 'col-md-3'}}) }}
</div>
<div class="form-group">
{{ form_label(form.password_repeat, 'Repeat password', {'label_attr': {'class': 'col-md-1 control-label'}}) }}
{{ form_widget(form.password_repeat, {'attr':{'class': 'col-md-2'}}) }}
{{ form_errors(form.password_repeat, {'attr': {'class': 'col-md-3'}}) }}
</div>
<div class="form-group">
<div class="col-md-1 control-label">
<input type="submit" value="submit">
</div>
</div>
</form>
Any ideas?有任何想法吗?
15 个解决方案
解决方案1
96 已采纳 2014-05-04 11:41:14
You need to add the _token in your form ie您需要在表单中添加_token ,即
{{ form_row(form._token) }}
As of now your form is missing the CSRF token field.截至目前,您的表单缺少 CSRF 令牌字段。 If you use the twig form functions to render your form like form(form) this will automatically render the CSRF token field for you, but your code shows you are rendering your form with raw HTML like <form></form> , so you have to manually render the field.如果您使用 twig 表单函数来呈现表单,例如form(form)这将自动为您呈现 CSRF 令牌字段,但您的代码显示您正在使用原始 HTML 呈现表单,例如<form></form> ,因此您必须手动渲染该字段。
Or, simply add {{ form_rest(form) }} before the closing tag of the form.或者,只需在{{ form_rest(form) }}的结束标记之前添加{{ form_rest(form) }} 。
According to docs
This renders all fields that have not yet been rendered for the given form.
解决方案2
32 2014-11-05 20:39:55
Also you can see this error message when your form has a lot of elements.当您的表单有很多元素时,您也可以看到此错误消息。
This option in php.ini cause of problem php.ini 中的这个选项导致问题
; How many GET/POST/COOKIE input variables may be accepted
max_input_vars = 1000
Problem is that _token field misses PUT (GET) request, so you have to increase value.问题是 _token 字段未命中 PUT (GET) 请求,因此您必须增加值。
Also, it concerns a big files.此外,它涉及一个大文件。 Increasing the增加
upload_max_filesize
option will solve problem.选项将解决问题。
解决方案3
9
This happens because forms by default contain CSRF protection, which is not necessary in some cases.发生这种情况是因为表单默认包含 CSRF 保护,这在某些情况下是不必要的。
You can disable this CSRF protection in your form class in getDefaultOptions method like this:您可以在getDefaultOptions方法中的表单类中禁用此 CSRF 保护,如下所示:
// Other methods omitted
public function getDefaultOptions(array $options)
{
return array(
'csrf_protection' => false,
// Rest of options omitted
);
}
If you don't want to disable CSRF protection, then you need to render the CSRF protecion field in your form.如果您不想禁用 CSRF 保护,则需要在表单中呈现 CSRF 保护字段。 It can be done by using {{ form_rest(form) }} in your view file, like this:可以通过在视图文件中使用{{ form_rest(form) }}来完成,如下所示:
<form novalidate action="{{path('signup_index')}}" method="post" {{form_enctype(form)}} role="form" class="form-horizontal">
<!-- Code omitted -->
<div class="form-group">
<div class="col-md-1 control-label">
<input type="submit" value="submit">
</div>
</div>
{{ form_rest(form) }}
</form>
{{ form_rest(form) }} renders all fields which you haven't entered manually. {{ form_rest(form) }}呈现您尚未手动输入的所有字段。
解决方案4
7 2014-05-04 11:46:05
Before your </form> tag put:在你的</form>标签之前:
{{ form_rest(form) }}
It will automatically insert other important (hidden) inputs.它会自动插入其他重要的(隐藏的)输入。
解决方案5
4 2017-03-31 13:27:22
I had this issue with a weird behavior: clearing the browser cache didn't fix it but clearing the cookies (that is, the PHP session ID cookie) did solve the issue.我遇到了一个奇怪行为的问题:清除浏览器缓存并没有解决它,但清除 cookie(即 PHP 会话 ID cookie)确实解决了这个问题。
This has to be done after you have checked all other answers, including verifying you do have the token in a hidden form input field.这有你检查了所有其他的答案后,包括验证你有一个隐藏的表单输入字段的令牌来完成。
解决方案6
3 2017-01-18 03:49:53
In addition to others' suggestions you can get CSRF token errors if your session storage is not working.除了其他人的建议之外,如果您的会话存储不工作,您可能会收到 CSRF 令牌错误。
In a recent case a colleague of mine changed 'session_prefix' to a value that had a space in it.在最近的一个案例中,我的一位同事将“session_prefix”更改为一个包含空格的值。
session_prefix: 'My Website'
This broke session storage, which in turn meant my form could not obtain the CSRF token from the session.这破坏了会话存储,这反过来意味着我的表单无法从会话中获取 CSRF 令牌。
解决方案7
2 2017-03-12 19:09:32
If you have converted your form from plain HTML to twig, be sure you didn't miss deleting a closing </form> tag.如果您已将表单从纯 HTML 转换为 twig,请确保您没有遗漏删除结束</form>标记。 Silly mistake, but as I discovered it's a possible cause for this problem.愚蠢的错误,但正如我发现的那样,这可能是导致此问题的原因。
When I got this error, I couldn't figure it out at first.当我遇到这个错误时,一开始我无法弄清楚。 I'm using form_start() and form_end() to generate the form, so I shouldn't have to explicitly add the token with form_row(form._token) , or use form_rest() to get it.我正在使用form_start()和form_end()来生成表单,因此我不必使用form_row(form._token)显式添加令牌,或者使用form_rest()来获取它。 It should have already been added automatically by form_end() . 它应该已经由form_end()自动添加。
The problem was, the view I was working with was one that I had converted from plain HTML to twig, and I had missed deleting the closing </form> tag, so instead of :问题是,我正在使用的视图是我从纯 HTML 转换为 twig 的视图,并且我错过了删除结束</form>标记,因此而不是:
{{ form_end(form) }}
I had:我有:
</form>
{{ form_end(form) }}
That actually seems like something that might throw an error, but apparently it doesn't, so when form_end() outputs form_rest() , the form is already closed.这实际上看起来可能会引发错误,但显然不会,因此当form_end()输出form_rest() ,表单已经关闭。 The actual generated page source of the form was like this:表单实际生成的页面源码是这样的:
<form>
<!-- all my form fields... -->
</form>
<input type="hidden" id="item__token" name="item[_token]" value="SQAOs1xIAL8REI0evGMjOsatLbo6uDzqBjVFfyD0PE4" />
</form>
Obviously the solution is to delete the extra closing tag and maybe drink some more coffee.显然,解决方案是删除多余的结束标签,然后再喝一些咖啡。
解决方案8
2 2017-06-01 19:20:38
I had this error recently.我最近有这个错误。 Turns out that my cookie settings were incorrect in config.yml.原来我的 cookie 设置在 config.yml 中不正确。 Adding the cookie_path and cookie_domain settings to framework.session fixed it.将cookie_path和cookie_domain设置添加到framework.session修复了它。
解决方案9
1 2019-08-08 11:53:05
I hade the same issue recently, and my case was something that's not mentioned here yet:我最近遇到了同样的问题,我的案例在这里还没有提到:
The problem was I was testing it on localhost domain.问题是我在localhost域上测试它。 I'm not sure why exactly was this an issue, but it started to work after I added a host name alias for localhost into /etc/hosts like this:我不确定为什么这是一个问题,但是在我将localhost的主机名别名添加到/etc/hosts后它开始工作,如下所示:
127.0.0.1 foobar
There's probably something wrong with the session while using Apache and localhost as a domain.使用 Apache 和localhost作为域时,会话可能有问题。 If anyone can elaborate in the comments I'd be happy to edit this answer to include more details.如果有人可以在评论中详细说明,我很乐意编辑此答案以包含更多详细信息。
解决方案10
0 2014-06-24 09:13:20
In case you don't want to use form_row or form_rest and just want to access value of the _token in your twig template.如果您不想使用 form_row 或 form_rest 而只想访问 twig 模板中 _token 的值。 Use the following:使用以下内容:
<input type="hidden" name="form[_token]" value="{{ form._token.vars.value }}" />
解决方案11
0 2016-04-06 21:42:26
In my case I got a trouble with the maxSize annotation in the entity, so I increased it from 2048 to 20048.就我而言,实体中的 maxSize 注释出现问题,因此我将其从 2048 增加到 20048。
/**
* @Assert\File(
* maxSize = "20048k",
* mimeTypes = {"application/pdf", "application/x-pdf"},
* mimeTypesMessage = "Please upload a valid PDF"
* )
*/
private $file;
hope this answer helps!希望这个答案有帮助!
解决方案12
0 2018-02-21 19:12:35
I faced a similar issue.我遇到了类似的问题。 After ensuring the token field was actually rendered (see accepted answer) I checked my cookies.在确保实际呈现令牌字段后(请参阅接受的答案),我检查了我的 cookie。 There were 2(!) cookies for the domain in my Chrome browser, apparently because I was running the application on the same domain as another app, but with a different port (ie mydomain.com set the original cookie while the buggy app was running on mydomain.com:123) Now apparently Chrome sent the wrong cookie so the CSRF protection was unable to link the token to the correct session.我的 Chrome 浏览器中有 2(!)个域的 cookie,显然是因为我在与另一个应用程序相同的域上运行该应用程序,但使用不同的端口(即 mydomain.com 在有问题的应用程序运行时设置了原始 cookie在 mydomain.com:123) 现在显然 Chrome 发送了错误的 cookie,因此 CSRF 保护无法将令牌链接到正确的会话。
Fix: clear all the cookies for the domain in question, make sure you don't run multiple applications on the same domain with differing ports.修复:清除相关域的所有 cookie,确保您没有在具有不同端口的同一域上运行多个应用程序。
解决方案13
0 2018-03-25 22:01:03
I had the same error, but in my case the problem was that my application was using multiple first-level domains, while the cookie was using one.我有同样的错误,但就我而言,问题是我的应用程序使用了多个一级域,而 cookie 使用了一个。 Removing cookie_domain: ".%domain%" from framework.session in the config.yml caused cookies to default to whatever domain the form was on, and that fixed the problem.从config.yml framework.session中删除cookie_domain: ".%domain%"导致 cookie 默认为表单所在的任何域,这解决了问题。
解决方案14
0 2020-06-30 09:02:30
You need to remember that CSRF token is stored in the session, so this problem can also occur due to invalid session handling.您需要记住 CSRF 令牌存储在会话中,因此由于会话处理无效,也会出现此问题。 If you're working on the localhost, check eg if session cookie domain is set correctly (in PHP it should be empty when on localhost).如果您在 localhost 上工作,请检查例如会话 cookie 域是否设置正确(在 PHP 中,在 localhost 上它应该是空的)。
解决方案15
-1 2016-02-03 21:08:58
This seems to be an issue when using bootstrap unless you are rendering the form by {{ form(form)}}.这在使用引导程序时似乎是一个问题,除非您通过 {{ form(form)}} 呈现表单。 In addition, the issues seems to only occur on input type="hidden".此外,问题似乎只发生在 input type="hidden" 上。 If you inspect the page the with the form, you'll find that the hidden input is not part of the markup at all or it's being rendered but not submitted for some reason.如果您使用表单检查页面,您会发现隐藏的输入根本不是标记的一部分,或者它正在呈现但由于某种原因未提交。 As suggested above, adding {{form_rest(form)}} or wrapping the input like below should do the trick.如上所述,添加 {{form_rest(form)}} 或像下面这样包装输入应该可以解决问题。
<div class="form-group">
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
</div>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.