Hi, I'm creating my own admin generator with heavy use of AJAX. Every CRUD action works fine, except with the batch actions. I've tried to use the same code that is used on the original admin generator but it keeps throwing "CSRF attack detected". I have a form that wraps a table, with each row having a checkbox named "ids[]" and, at the end, a select with my batch actions, named "batch_action". The form points to the route "myObject_collection" with a parameter "action" with the value "batch". I add the token with:
<?php $form = new BaseForm() ?> <?php if ( $form->isCSRFProtected() ): ?> <input type="hidden" name="<?php echo $form->getCSRFFieldname() ?>" value="<?php echo $form->getCSRFToken() ?>" /> <?php endif; ?> I mean, it's all just like it is on the admin generator. I then receive on my executeBatch action the request and I use: $request->checkCSRFProtection(); And it throws the CSRF attack error. If I disable the CSRF protection, the form works fine. The other forms works OK with CSRF protection. The problem is only with the batch. What am I missing here? Thanks! -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en