问题
I know there's the usual way to render CSRF token hidden input with form_rest, but is there a way to render just CSRF input itself? I've overridden {% block field_widget %} in theme to render a piece of additional text. But as CSRF token is rendered in input field too and I got a piece of text I don't need next to a hidden field. So I'd like to render it separately with an argument that tells it not to render this text.
回答1:
you can do it with {{ form_widget(formView._token) }}
回答2:
If you have formView object, you can render it using Twig function:
{{ form_widget(formView._token) }}
If you haven't - you can render token without using form object directly:
<input type="hidden" name="token" value="{{ csrf_token('some-name') }}">
Works in Symfony 2.x and 3.x
To validate the token you can use the following code in your controller (Symfony 3.x):
$submittedToken = $request->request->get('token');
if ($this->isCsrfTokenValid('some-name', $submittedToken)) {
// ... do something,
}
回答3:
Or you can just simply use this :
{{ form_row(form._token) }}
This will automatically generate the proper hidden HTML elements, ie the proper HTML structure and field names, according to the type of form you're using.
回答4:
I needed to render the csrf input inside Twig so that I could use it for Delete operations.
Using {{ csrf_token('authenticate') }} as per @YuryPliashkou's answer gives me the incorrect token (one which is only valid for logins!)
What worked for me was this {{ csrf_token('form') }} which gives me the correct csrf token which I would then pass to my controller via ajax.
<span id="csrf_token" data-token="{{ csrf_token('form') }}"></span>
// my ajax call
$.ajax({
url: localhost/admin/product/4545, // 4545->id of the item to be deleted
type: 'POST',
data: {
"_method": "DELETE",
"form[_token]": $("#csrf_token").data("token") // passed csrf token here
},
success: function(result) {
// Do something
}
});
Verified its working on Symfony 3.x.
Reference
回答5:
didn't find solution worked for me, finded and tested and worked for my Simfony3 value="{{ _token }}" in example
<form name="form" method="post" action="{{ path('blog_show', { 'id': blog.id }) }}">
<input name="_method" value="DELETE" type="hidden">
<input class="btn btn-danger" value="Delete" type="submit">
<input id="form__token" name="form[_token]" value="{{ _token }}" type="hidden">
</form>
more about scrf can be viewed here: Creating forms manually in Symfony2, but still use its CSRF and isValid() functionalily
来源:https://stackoverflow.com/questions/7476415/how-to-render-csrf-input-in-twig