Unable to set CSRF token

Mike Rockett

Hi all :)

I have built my own module for processing forms on my site.

The module does check to see if the request was forged or not, but I am unable to insert the token name and value into my template.

I use Twig for my templates, and this is what I'm calling:

<form data-form-ident="contact-form" data-form-token-name="{{ this.session.CSRF.getTokenName() }}" data-form-token-value="{{ this.session.CSRF.getTokenValue() }}">

The output for that is an empty string.

Could it perhaps be because I am using Twig?

Side note: disabling Twig is not an option as the templates I'm using are very complex - it would be a darn mission to revert to native PHP.

(PW 2.4.0)


Not to worry - looks like I got it.

Simply added this to my module:

$this->session->tokenName = $this->session->CSRF->getTokenName();
$this->session->tokenValue = $this->session->CSRF->getTokenValue();

Then in my view, called it like so:

<form data-form-ident="contact-form" data-form-token-name="{{ session.get('tokenName') }}" data-form-token-value="{{ session.get('tokenValue') }}" autocomplete="off">

EDIT: Well, that screws it up - I'm calling it from within a module:

Fatal error: Call to a member function path() on a non-object in [omitted]\wire\core\SessionCSRF.php on line 51

So, I'll just make my own CSRF token within the module that does not depend on the page name and path.

Edited by mike-anthony
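An added example, not part of the original posts and not ProcessWire's own code: one way to build the page-independent token the last post describes. The class name `ModuleCsrf`, the session key and the token name prefix are hypothetical; it assumes PHP 7+ (for `random_bytes`) and uses a plain array in place of `$_SESSION` so it runs from the command line.

```php
<?php
// Hypothetical ModuleCsrf class (added example, not ProcessWire's SessionCSRF).
final class ModuleCsrf
{
    private $store;   // reference to the session array
    private $key;     // session key under which the token pair is kept

    public function __construct(array &$store, string $key = '_module_csrf')
    {
        $this->store = &$store;
        $this->key = $key;
    }

    // Return [name, value], creating the pair once per session.
    public function token(): array
    {
        if (!isset($this->store[$this->key])) {
            $this->store[$this->key] = [
                'name'  => 'TOKEN' . bin2hex(random_bytes(8)),
                'value' => bin2hex(random_bytes(32)),
            ];
        }
        $t = $this->store[$this->key];
        return [$t['name'], $t['value']];
    }

    // Check submitted fields; the token is discarded after one successful use.
    public function validate(array $post): bool
    {
        if (!isset($this->store[$this->key])) {
            return false;                       // no token was ever issued
        }
        list($name, $value) = $this->token();
        $sent = $post[$name] ?? null;
        if (!is_string($sent) || !hash_equals($value, $sent)) {
            return false;                       // missing, non-string or wrong
        }
        unset($this->store[$this->key]);        // single use: replay fails
        return true;
    }
}

// Constructed demo: a plain array stands in for $_SESSION.
$session = [];
$csrf = new ModuleCsrf($session);
list($name, $value) = $csrf->token();
var_dump($csrf->validate([$name => 'forged']));   // forged value
var_dump($csrf->validate([$name => $value]));     // correct value
var_dump($csrf->validate([$name => $value]));     // replay of a used token
```

The pair returned by `token()` can be handed to the Twig view as two ordinary variables, so the template never has to call into the session object itself.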
