【发布时间】:2017-08-01 00:49:16
【问题描述】:
问题
FOS 用户捆绑表单(登录、注册、...)工作得很好,但不是我自己的表单,给我:
CSRF 令牌无效。请尝试重新提交表单
当我尝试在以下位置创建资源时:
http://www.project.local/app_dev.php/developer/new
甚至:
http://www.project.local/developer/new
环境
- OS X EL Capitan 64 位
- 网络服务器:
- 服务器:Apache 2.4.16
- 服务器 API:Apache 2.0 处理程序 (mod_php7)
- 线程安全:禁用
- 文档根目录:
/Library/WebServer/Documents/project/web - PHP:
7.1.2
- Symfony:
3.2.* - 使用生成的代码库
- FOS 用户包:
~2.0@dev - KNP 菜单包:
^2.0
app/config/config.yml
framework:
secret: "%secret%"
router:
resource: "%kernel.root_dir%/config/routing.yml"
strict_requirements: ~
form: ~
csrf_protection: ~
validation: { enable_annotations: true }
#serializer: { enable_annotations: true }
templating:
engines: ['twig']
trusted_hosts: ~
trusted_proxies: ~
session:
handler_id: session.handler.native_file
save_path: "%kernel.root_dir%/../var/sessions/%kernel.environment%"
fragments: ~
http_method_override: true
# Twig Configuration
twig:
debug: "%kernel.debug%"
strict_variables: "%kernel.debug%"
form_themes:
- 'form/form_div_layout.html.twig'
app/config/security.yml
security:
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
开发者控制器
public function newAction(Request $request)
{
$developer = new Developer();
$form = $this->createForm(DeveloperType::class, $developer);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
$em = $this->getDoctrine()->getManager();
$em->persist($developer);
$em->flush($developer);
return $this->redirectToRoute('developer_show', array('id' => $developer->getId()));
}
return $this->render('BackendBundle:Developer:new.html.twig', array(
'developer' => $developer,
'form' => $form->createView(),
));
}
开发者类型
class DeveloperType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options) {
$builder->add('user');
}
public function configureOptions(OptionsResolver $resolver) {
$resolver->setDefaults(array(
'data_class' => Developer::class
));
}
public function getBlockPrefix() {
return 'backendbundle_developer';
}
}
表单 - 模板
{{ form_start(form) }}
{{ form_widget(form) }}
<button type="submit" name="{{ form.vars.name }}">Create</button>
{{ form_end(form) }}
表单 - 生成
表单始终具有隐藏的_token 输入字段存在。
<form name="form_name" method="post" class="ui form">
<input type="hidden" name="form_name[_token]" value="YefVvhSvvNTItjw7ayDFwFi4sdf_6oOvsQjnUu9X7cw">
<button type="submit" name="form_name">Create</button>
</form>
(form_name 等于 backendbundle_developer)
我做了什么?
在 Google 上搜索了几个小时,并阅读了 Stack Overflow 上的所有类似问题,包括上述问题
-
重新检查文件系统权限
httpd进程在_www用户下运行,所以:sudo chown -R _www var/ sudo chmod -R 775 var/var/sessions/下的会话文件创建更新成功 -
更改了
app/config/config.yml条目session: handler_id: session.handler.native_file save_path: "%kernel.root_dir%/../var/sessions/%kernel.environment%"到
session: handler_id: session.handler.native_file save_path: ~
完全没有成功。
类似问题
这不是这些类似问题的重复:
【问题讨论】:
标签: php symfony symfony-forms csrf-protection