
CSRF not working

Hi, I have this code in a form class:


    $csrf = new Hidden('csrf', array(
      "name" => $this->security->getTokenKey(),
      "value" => $this->security->getToken()
    ));
    $csrf->addValidator(new Identical(array(
      'value' => $this->security->getSessionToken(),
      'message' => 'CSRF validation failed.'
    )));

And I tried to test if it works correctly by changing the csrf input value with Firebug or changing the validator value, but it always passes. Some help? Thx!!



Accepted answer

For some reason, this is not working anymore. I ended up checking it like here: https://docs.phalcon.io/en/latest/reference/security.html#cross-site-request-forgery-csrf-protection

Validate it via POST: send it via a POST request to a controller, then verify with $this->security->checkToken()
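The controller-side check described in the replies above, as an added example that is not part of the original thread or of Phalcon's own code. The controller, action, route and view variable names are hypothetical; it assumes the `security`, `session`, `request` and `response` services are registered in the DI.

```php
<?php
// Added example: CSRF check in the controller instead of a form validator.
// ProfileController, editAction, saveAction and 'profile/edit' are hypothetical names.

use Phalcon\Mvc\Controller;

class ProfileController extends Controller
{
    // Renders the form. The view is assumed to print one hidden input whose
    // name attribute is $tokenKey and whose value attribute is $token.
    public function editAction()
    {
        // getTokenKey()/getToken() generate the pair and store it in the session.
        $this->view->setVar('tokenKey', $this->security->getTokenKey());
        $this->view->setVar('token', $this->security->getToken());
    }

    // Receives the form submission.
    public function saveAction()
    {
        // Only accept state-changing requests over POST.
        if (!$this->request->isPost()) {
            return $this->response->redirect('profile/edit');
        }

        // With no arguments, checkToken() looks up the token key stored in
        // the session, reads that field from the POST data and compares it
        // with the token stored in the session.
        if (!$this->security->checkToken()) {
            $this->response->setStatusCode(403, 'Forbidden');
            $this->response->setContent('CSRF validation failed.');
            return $this->response;
        }

        // Token is valid: continue with the normal handling of the request.
        $name = $this->request->getPost('name', 'string');
        // ... persist $name here ...

        return $this->response->redirect('profile/edit');
    }
}
```

To test it the way the question does, edit the hidden input's value in the browser before submitting; the request should come back with the 403 response.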