Hi everybody,
pretty indecent of me to bump my thread but I'm really in need of a
solution :-(
For the sake of clarity:
- have installed the latest symfony 1.1 beta
- created my model
- generated crud actions with the symfony CLI
- set the csfr_secret value in settings.yml > all > .settings
- cleared the cache a 1000 times
- assured that my view renders a hidden csfr_token input field (which
only has a name and an ID, not a value)
- still get an error message the a csfr token is required
Any thoughts? Help is very much appreciated :-)
Marijn
On Apr 9, 2:07 am, Marijn <[EMAIL PROTECTED]> wrote:
> Thanks Dustin,
>
> I didn't make myself clear enough. I don't want to use a hash sign in
> the value. The problem is that even with the csfr_secret value defined
> in my settings.yml my forms still don't work. If I try to add
> something to my database with the crud actions that were generated by
> symfony I still get the csfr required error.
>
> Do you have any thoughts on that?
>
> Thanks,
>
> Marijn
>
> On Apr 9, 1:12 am, Dustin Whittle <[EMAIL PROTECTED]>
> wrote:
>
> > Marijn,
>
> > In symfony yaml files #app_my_setting# will be replace with the equivalent
> > of sfConfig::get('app_my_setting'). If you want to use # as a value, wrap it
> > in single quotes. csrf_secret: 'my_crazy_#_value'.
>
> > - Dustin
>
> > On 4/8/08 3:55 PM, "Marijn" <[EMAIL PROTECTED]> wrote:
>
> > > On Apr 8, 5:55 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
> > >> in yml # symbol is used to comment text .... :)
>
> > > Yeah, I love that symbol :-D
> > > I just wasn't sure if it's meaning were the same if it came in two
> > > pairs wrapped around a ##value##
>
> > > Unfortunately that means the problem isn't solved yet... The code
> > > generated by your example is the following:
>
> > > <input type="hidden" name="$module_name$[_csrf_token]" id="$module_name
> > > $__csrf_token" />
>
> > > Any thoughts..? Thanks,
>
> > > Marijn
>
> > >> csrf_secret: my super token
>
> > >> Thomas
>
> > >> On Tue, Apr 8, 2008 at 5:44 PM, Marijn <[EMAIL PROTECTED]> wrote:
>
> > >>> Hi Thomas,
>
> > >>> Thanks for your quick reply.
>
> > >>> in my view there was the following line of code for my csrf_token:
> > >>> <?php echo $form['_csrf_token'] ?>
>
> > >>> If I use that or the code you gave me the hidden input tag is created
> > >>> but it has no value assigned to it.
>
> > >>> Should the scfr_secret value in my config be wrapped in hash signs or
> > >>> can I just use some arbitrary string..?
>
> > >>> Thanks,
>
> > >>> Marijn
>
> > >>> On Apr 8, 5:18 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
> > >>> > I am not 100% sure about that but you sould add a csrf secret in
> > >>> your
> > >>> > settings.yml
>
> > >>> > all:
> > >>> > .settings:
> > >>> > # Form security secret (CSRF protection)
> > >>> > csrf_secret: ##CSRF_SECRET## # Unique secret to enable
> > >>> > CSRF protection or false to disable
>
> > >>> > In the view, check that field csrf is present, if not add
>
> > >>> > <?= $form[$form->getCSRFFieldName()]->render() ?>
>
> > >>> > Thomas
>
> > >>>> On Tue, Apr 8, 2008 at 5:10 PM, Marijn <[EMAIL PROTECTED]>
> > >>>> wrote:
>
> > >>> > > Hi everybody,
>
> > >>> > > I am having trouble finding documentation about csrf support in
> > >>> > > symfony 1.1. When I generate crud actions for a Model and try to
> > >>> > > populate it with data by using the create web interface it says
> > >>> that
> > >>> > > csrf_token is required.
>
> > >>> > > Anybody here who knows this problem or who can tell me what I am
> > >>> doing
> > >>> > > wrong? I haven't changed a thing after generating the crud
> > >>> actions.
>
> > >>> > > Thanks,
>
> > >>> > > Marijn
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
