php: How to render CSRF input in Twig?

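Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use it, you must also follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow original URL: http://stackoverflow.com/questions/7476415/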
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

Time: 2020-08-26 02:46:06  Source: igfitidea

How to render CSRF input in twig?

php symfony csrf twig

Asked by Ondrej Slinták

I know there's the usual way to render the CSRF token hidden input with form_rest, but is there a way to render just the CSRF input itself? I've overridden {% block field_widget %} in the theme to render a piece of additional text. But as the CSRF token is rendered in an input field too, I got a piece of text I don't need next to a hidden field. So I'd like to render it separately with an argument that tells it not to render this text.

Answered by Henrik Bjørnskov

You can do it with {{ form_widget(formView._token) }}

Answered by pliashkou

If you have a formView object, you can render it using the Twig function:

{{ form_widget(formView._token) }} 

If you haven't, you can render the token without using the form object directly:

<input type="hidden" name="token" value="{{ csrf_token('some-name') }}">

Works in Symfony 2.x and 3.x

To validate the token you can use the following code in your controller (Symfony 3.x):

$submittedToken = $request->request->get('token');

if ($this->isCsrfTokenValid('some-name', $submittedToken)) {
    // ... do something,
}

Answered by Anass

Or you can just simply use this:

{{ form_row(form._token) }}

This will automatically generate the proper hidden HTML elements, i.e. the proper HTML structure and field names, according to the type of form you're using.

Answered by Niket Pathak

I needed to render the csrf input inside Twig so that I could use it for Delete operations. Using {{ csrf_token('authenticate') }} as per @YuryPliashkou's answer gives me the incorrect token (one which is only valid for logins!)

What worked for me was this {{ csrf_token('form') }} which gives me the correct csrf token which I would then pass to my controller via ajax.

<span id="csrf_token" data-token="{{ csrf_token('form') }}"></span> 
// my ajax call
$.ajax({
    url: 'http://localhost/admin/product/4545',   // 4545 -> id of the item to be deleted
    type: 'POST',
    data: {
        "_method": "DELETE",
        "form[_token]": $("#csrf_token").data("token")   // passed csrf token here
    },
    success: function(result) {
        // Do something 
   }
});

Verified it's working on Symfony 3.x.

Reference
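
The id passed to csrf_token() in Twig has to be the same id the controller gives to isCsrfTokenValid(), which is why a token issued for 'authenticate' does not pass for other actions. The following is an added example for a Symfony 3.x controller, not code from the original answers; it goes one step further than the answers by using one token id per action and item. The class name, the 'delete-product-' id prefix, the "token" field name and the AppBundle:Product entity are assumptions.

```php
<?php
// Added example (Symfony 3.x). Class, entity and token id names are hypothetical.
namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;

class ProductAdminController extends Controller
{
    // Twig side, one token per action and item:
    //   <span id="csrf_token"
    //         data-token="{{ csrf_token('delete-product-' ~ product.id) }}"></span>
    // The AJAX call posts that value in a plain "token" field.
    public function deleteAction(Request $request, $id)
    {
        // Must be exactly the id string used in csrf_token() in the template.
        $tokenId = 'delete-product-'.$id;
        $submitted = $request->request->get('token');

        // Reject a missing or array-valued field before validating.
        if (!is_string($submitted) || $submitted === '') {
            throw $this->createAccessDeniedException('Missing CSRF token.');
        }

        // A token issued under another id ('authenticate', 'form', another
        // product) fails here, because each token is bound to its id.
        if (!$this->isCsrfTokenValid($tokenId, $submitted)) {
            throw $this->createAccessDeniedException('Invalid CSRF token.');
        }

        // Only touch the database after the token check has passed.
        $em = $this->getDoctrine()->getManager();
        $product = $em->getRepository('AppBundle:Product')->find($id);
        if (!$product) {
            throw $this->createNotFoundException('No such product.');
        }
        $em->remove($product);
        $em->flush();

        return new JsonResponse(array('deleted' => (int) $id));
    }
}
```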

Answered by Vladimir Ch

Didn't find a solution that worked for me; found, tested and working for my Symfony3: value="{{ _token }}", as in the example

<form name="form" method="post" action="{{ path('blog_show', { 'id': blog.id }) }}">
    <input name="_method" value="DELETE" type="hidden">
    <input class="btn btn-danger" value="Delete" type="submit">
    <input id="form__token" name="form[_token]" value="{{ _token }}" type="hidden">
</form>

More about csrf can be viewed here: Creating forms manually in Symfony2, but still use its CSRF and isValid() functionalily
