Symfony 4 - how to add csrf token without building form?

Question 1

Symfony 4 - how to add csrf token without building form?

forms symfony symfony-forms csrf-protection

Dariux · Dec 18, 2017 · Viewed 14.1k times · Source

Answer

Answer

You can use the helper twig function csrf_token as described in the doc here, as example:

 <input type="hidden" name="_csrf_token"
        value="{{ csrf_token('authenticate') }}"
    >

More help in this answer.

UPDATE:

Other strategy: pass from controller:

    $tokenProvider = $this->container->get('security.csrf.token_manager');
    $token = $tokenProvider->getToken('example')->getValue();

Hope this help

Question 2

I am reading tutorial here

https://symfony.com/doc/current/form/csrf_protection.html

how to add csrf token. It says to use

form_end()

in the template. But this is not working, gives error:

Type error: Too few arguments to function Symfony\Component\Form\FormRenderer::renderBlock(), 0 passed in E:\projektai\php projektai\htdocs\mokomieji\symfony_4_demo\var\cache\dev\twig\bb\bb2248f7be504240fcc2ab43dabf593090ebc4c897ce72b1a979082d62914b47.php on line 48 and at least 2 expected

Here is answer which shows how to fix but it is only when you have form object built:

Symfony Type error: Too few arguments to function FormRenderer::renderBlock()

How to do this without having form object? Here is login from login documentation page:

{% if error %}
    <div>{{ error.messageKey|trans(error.messageData, 'security') }}</div>
{% endif %}

<form action="{{ path('login') }}" method="post">
    <label for="username">Username:</label>
    <input type="text" id="username" name="_username" value="{{ last_username }}" />

    <label for="password">Password:</label>
    <input type="password" id="password" name="_password" />

    <button type="submit">Login</button>

{{  form_end() }}

Symfony 4 - how to add csrf token without building form?

Answer

Related questions