I agree. That make sense as form =\= sfForm would you mind showing me an example of creating a CSRF added sfForm in actions.class.php. I am totally newbie in symfony. Thanks in advance.
On Dec 2, 7:27 am, Alexandre Salomé <[email protected]> wrote: > Huum, form_tag doesn't aim to create the form, or render CSRF fields, just > ouput the <form ....> tag, add attributes if you are using files, method = > POST... > > But nothing more than <form ...> > > Creation of the form must be done in controller. And in controller, you are > OK to add CSRF > > 2009/11/30 Tommy <[email protected]> > > > > > Thanks for your reply. > > I am using csrf_secret already. I used link_to() together with > > $request->checkCSRFProtection(); And it works fine. > > > My question is that how to use checkCSRFProtection with a form created > > by form_tag() function. > > The form doesn't have _csrf_token, so the outcome is Internal Server > > Error when i submit the form. > > > Thanks in advance. > > > On Nov 28, 8:35 am, Alexandre SALOME <[email protected]> > > wrote: > > > Enable it in your settings.yml (see > > > documentation< > >http://www.symfony-project.org/reference/1_4/fr/04-Settings#chapter_0...> > > > ) > > > > 2009/11/27 Tommy <[email protected]> > > > > > Hello, > > > > can i enable CSRF protection using form_tag ?? > > > > If it is not possible...Is there a way to create a sfForm using > > > > CSRF protection??? > > > > btw, link_to with method = post CSRF protection works perfectly. I > > > > am using symfony 1.3. > > > > Thanks! > > > > > -- > > > > > You received this message because you are subscribed to the Google > > Groups > > > > "symfony users" group. > > > > To post to this group, send email to [email protected]. > > > > To unsubscribe from this group, send email to > > > > [email protected]<symfony-users%[email protected]> > > <symfony-users%[email protected]<symfony-users%[email protected]> > > > > > . > > > > For more options, visit this group at > > > >http://groups.google.com/group/symfony-users?hl=en. > > > > -- > > > Alexandre Salomé -- [email protected] > > > -- > > > You received this message because you are subscribed to the Google Groups > > "symfony users" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<symfony-users%[email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/symfony-users?hl=en. > > -- > Alexandre Salomé -- [email protected] -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
