
CSRF not working

Hi, I have this code in a form class:

    $csrf = new Hidden('csrf', array(
      "name" => $this->security->getTokenKey(),
      "value" => $this->security->getToken()
    ));
    $csrf->addValidator(new Identical(array(
      'value' => $this->security->getSessionToken(),
      'message' => 'CSRF validation failed.'
    )));

And I tried to test if it works correctly by changing the csrf input value with Firebug or changing the validator value, but it always passes. Some help? Thx!!



Accepted answer

For some reason, this is not working anymore. I ended up checking it like here: https://docs.phalconphp.com/en/latest/reference/security.html#cross-site-request-forgery-csrf-protection

Validate it via POST: send it via a POST request to a controller, then verify with $this->security->checkToken()
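The controller-side check suggested in the answer, as an added example that is not part of the original thread or of Phalcon's own code. `ProfileController`, `saveAction` and the `name` field are hypothetical, and the sketch assumes the default `security`, `session`, `request` and `response` services are registered.

```php
<?php
// Added example. The form that posts here is assumed to contain a hidden
// input whose name is $this->security->getTokenKey() and whose value is
// $this->security->getToken(), both emitted when the form is rendered.

use Phalcon\Mvc\Controller;

class ProfileController extends Controller // hypothetical controller
{
    public function saveAction()
    {
        // Accept state-changing requests over POST only.
        if (!$this->request->isPost()) {
            $this->response->setStatusCode(405, 'Method Not Allowed');
            return $this->response;
        }

        // With no arguments, checkToken() takes the token key stored in the
        // session, reads the POST field of that name and compares its value
        // with the token stored in the session.
        if (!$this->security->checkToken()) {
            $this->response->setStatusCode(403, 'Forbidden');
            $this->response->setContent('CSRF validation failed.');
            return $this->response;
        }

        // Token matched: only now read and act on the submitted data.
        $name = $this->request->getPost('name', 'string'); // hypothetical field
        // ... persist $name here ...

        $this->response->setContent('Saved.');
        return $this->response;
    }
}
```

To confirm the check is active, submit the form once with the hidden field's value altered in the browser's developer tools; the action should answer 403 instead of saving.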