I found the answer myself. FYI http://www.symfony-project.org/forms/1_2/en/01-Form-Creation http://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designers creating your form class extended from sfForm. lastly just echo $form...that form has csrf_token.
thanks the documentation :) On Dec 2, 10:13 am, Tommy <[email protected]> wrote: > I agree. That make sense as form =\= sfForm > would you mind showing me an example of creating a CSRF added sfForm > in actions.class.php. > I am totally newbie in symfony. > Thanks in advance. > > On Dec 2, 7:27 am, Alexandre Salomé <[email protected]> > wrote: > > > Huum, form_tag doesn't aim to create the form, or render CSRF fields, just > > ouput the <form ....> tag, add attributes if you are using files, method = > > POST... > > > But nothing more than <form ...> > > > Creation of the form must be done in controller. And in controller, you are > > OK to add CSRF > > > 2009/11/30 Tommy <[email protected]> > > > > Thanks for your reply. > > > I am using csrf_secret already. I used link_to() together with > > > $request->checkCSRFProtection(); And it works fine. > > > > My question is that how to use checkCSRFProtection with a form created > > > by form_tag() function. > > > The form doesn't have _csrf_token, so the outcome is Internal Server > > > Error when i submit the form. > > > > Thanks in advance. > > > > On Nov 28, 8:35 am, Alexandre SALOME <[email protected]> > > > wrote: > > > > Enable it in your settings.yml (see > > > > documentation< > > >http://www.symfony-project.org/reference/1_4/fr/04-Settings#chapter_0...> > > > > ) > > > > > 2009/11/27 Tommy <[email protected]> > > > > > > Hello, > > > > > can i enable CSRF protection using form_tag ?? > > > > > If it is not possible...Is there a way to create a sfForm using > > > > > CSRF protection??? > > > > > btw, link_to with method = post CSRF protection works perfectly. I > > > > > am using symfony 1.3. > > > > > Thanks! > > > > > > -- > > > > > > You received this message because you are subscribed to the Google > > > Groups > > > > > "symfony users" group. > > > > > To post to this group, send email to [email protected]. > > > > > To unsubscribe from this group, send email to > > > > > [email protected]<symfony-users%[email protected]> > > > <symfony-users%[email protected]<symfony-users%[email protected]> > > > > > > . > > > > > For more options, visit this group at > > > > >http://groups.google.com/group/symfony-users?hl=en. > > > > > -- > > > > Alexandre Salomé -- [email protected] > > > > -- > > > > You received this message because you are subscribed to the Google Groups > > > "symfony users" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]<symfony-users%[email protected]> > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/symfony-users?hl=en. > > > -- > > Alexandre Salomé -- [email protected] > > -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
