Thanks Dustin, I didn't make myself clear enough. I don't want to use a hash sign in the value. The problem is that even with the csfr_secret value defined in my settings.yml my forms still don't work. If I try to add something to my database with the crud actions that were generated by symfony I still get the csfr required error.
Do you have any thoughts on that? Thanks, Marijn On Apr 9, 1:12 am, Dustin Whittle <[EMAIL PROTECTED]> wrote: > Marijn, > > In symfony yaml files #app_my_setting# will be replace with the equivalent > of sfConfig::get('app_my_setting'). If you want to use # as a value, wrap it > in single quotes. csrf_secret: 'my_crazy_#_value'. > > - Dustin > > On 4/8/08 3:55 PM, "Marijn" <[EMAIL PROTECTED]> wrote: > > > > > On Apr 8, 5:55 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote: > >> in yml # symbol is used to comment text .... :) > > > Yeah, I love that symbol :-D > > I just wasn't sure if it's meaning were the same if it came in two > > pairs wrapped around a ##value## > > > Unfortunately that means the problem isn't solved yet... The code > > generated by your example is the following: > > > <input type="hidden" name="$module_name$[_csrf_token]" id="$module_name > > $__csrf_token" /> > > > Any thoughts..? Thanks, > > > Marijn > > >> csrf_secret: my super token > > >> Thomas > > >> On Tue, Apr 8, 2008 at 5:44 PM, Marijn <[EMAIL PROTECTED]> wrote: > > >>> Hi Thomas, > > >>> Thanks for your quick reply. > > >>> in my view there was the following line of code for my csrf_token: > >>> <?php echo $form['_csrf_token'] ?> > > >>> If I use that or the code you gave me the hidden input tag is created > >>> but it has no value assigned to it. > > >>> Should the scfr_secret value in my config be wrapped in hash signs or > >>> can I just use some arbitrary string..? > > >>> Thanks, > > >>> Marijn > > >>> On Apr 8, 5:18 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote: > >>> > I am not 100% sure about that but you sould add a csrf secret in your > >>> > settings.yml > > >>> > all: > >>> > .settings: > >>> > # Form security secret (CSRF protection) > >>> > csrf_secret: ##CSRF_SECRET## # Unique secret to enable > >>> > CSRF protection or false to disable > > >>> > In the view, check that field csrf is present, if not add > > >>> > <?= $form[$form->getCSRFFieldName()]->render() ?> > > >>> > Thomas > > >>>> On Tue, Apr 8, 2008 at 5:10 PM, Marijn <[EMAIL PROTECTED]> > >>>> wrote: > > >>> > > Hi everybody, > > >>> > > I am having trouble finding documentation about csrf support in > >>> > > symfony 1.1. When I generate crud actions for a Model and try to > >>> > > populate it with data by using the create web interface it says that > >>> > > csrf_token is required. > > >>> > > Anybody here who knows this problem or who can tell me what I am > >>> doing > >>> > > wrong? I haven't changed a thing after generating the crud actions. > > >>> > > Thanks, > > >>> > > Marijn --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---