Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Security token doesn't match, possible CSRF attack.


2 Posts   3653 Views


Community Member, 74 Posts

4 July 2011 at 2:42pm

Hi Guys,

This has me stumped. Just thought I would ask here before I try to work on a work around.

I have a very simple form below that I am trying (had a much more complex form and it gave the error so I have dumbed it down and I'm still getting the error).

Anyway, anytime I try to display the form like

I get the screen

Security token doesn't match, possible CSRF attack.

Am I just brain dead this morning and missing something glaringly obvious?

Thanks in advance for the help.



class AddItems extends Page {

   public static $db = array(

   public static $has_one = array(

static $icon = "cms/images/famfam-silk/application_view_list";

function getCMSFields() {

$fields = parent::getCMSFields();
$fields->removeFieldFromTab("Root.Content.Main", "Content");

return $fields;

class AddItems_Controller extends Page_Controller {

public function init() {

//add our 'show' function as an allowed URL action
public static $allowed_actions = array(

* Create a form with just a single field.
public function MyForm() {
$fields = new FieldSet(
new TextField('Title', '<span class="required"></span>Title')
$actions = new FieldSet(
new FormAction(
_t('MyForm.SAVE', 'Save')
$validator = new RequiredFields(

$form = new Form(
$validator // optional
return $form;

public function doSave() {

die('In doSave');

public function doDelete() {

die('In doDelete');



Community Member, 74 Posts

4 July 2011 at 2:58pm

@rentboxapp replied to me via twitter and said

"@ccburns you want to use $MyForm in the template, rather than accessing it directly. ~SW"

Which was the solution... Stupidly simple really :)