Thanks Dustin,
I didn't make myself clear enough. I don't want to use a hash sign in
the value. The problem is that even with the csfr_secret value defined
in my settings.yml my forms still don't work. If I try to add
something to my database with the crud actions that were generated by
symfony I still get the csfr required error.
Do you have any thoughts on that?
Thanks,
Marijn
On Apr 9, 1:12 am, Dustin Whittle <[EMAIL PROTECTED]>
wrote:
> Marijn,
>
> In symfony yaml files #app_my_setting# will be replace with the equivalent
> of sfConfig::get('app_my_setting'). If you want to use # as a value, wrap it
> in single quotes. csrf_secret: 'my_crazy_#_value'.
>
> - Dustin
>
> On 4/8/08 3:55 PM, "Marijn" <[EMAIL PROTECTED]> wrote:
>
>
>
> > On Apr 8, 5:55 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
> >> in yml # symbol is used to comment text .... :)
>
> > Yeah, I love that symbol :-D
> > I just wasn't sure if it's meaning were the same if it came in two
> > pairs wrapped around a ##value##
>
> > Unfortunately that means the problem isn't solved yet... The code
> > generated by your example is the following:
>
> > <input type="hidden" name="$module_name$[_csrf_token]" id="$module_name
> > $__csrf_token" />
>
> > Any thoughts..? Thanks,
>
> > Marijn
>
> >> csrf_secret: my super token
>
> >> Thomas
>
> >> On Tue, Apr 8, 2008 at 5:44 PM, Marijn <[EMAIL PROTECTED]> wrote:
>
> >>> Hi Thomas,
>
> >>> Thanks for your quick reply.
>
> >>> in my view there was the following line of code for my csrf_token:
> >>> <?php echo $form['_csrf_token'] ?>
>
> >>> If I use that or the code you gave me the hidden input tag is created
> >>> but it has no value assigned to it.
>
> >>> Should the scfr_secret value in my config be wrapped in hash signs or
> >>> can I just use some arbitrary string..?
>
> >>> Thanks,
>
> >>> Marijn
>
> >>> On Apr 8, 5:18 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
> >>> > I am not 100% sure about that but you sould add a csrf secret in your
> >>> > settings.yml
>
> >>> > all:
> >>> > .settings:
> >>> > # Form security secret (CSRF protection)
> >>> > csrf_secret: ##CSRF_SECRET## # Unique secret to enable
> >>> > CSRF protection or false to disable
>
> >>> > In the view, check that field csrf is present, if not add
>
> >>> > <?= $form[$form->getCSRFFieldName()]->render() ?>
>
> >>> > Thomas
>
> >>>> On Tue, Apr 8, 2008 at 5:10 PM, Marijn <[EMAIL PROTECTED]>
> >>>> wrote:
>
> >>> > > Hi everybody,
>
> >>> > > I am having trouble finding documentation about csrf support in
> >>> > > symfony 1.1. When I generate crud actions for a Model and try to
> >>> > > populate it with data by using the create web interface it says that
> >>> > > csrf_token is required.
>
> >>> > > Anybody here who knows this problem or who can tell me what I am
> >>> doing
> >>> > > wrong? I haven't changed a thing after generating the crud actions.
>
> >>> > > Thanks,
>
> >>> > > Marijn
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
