Jump to:

23455 Posts in 18904 Topics by 2877 members

General Questions

SilverStripe Forums » General Questions » Security token doesn't match, possible CSRF attack.

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 3321 Views
  • ccburns
    Avatar
    Community Member
    74 Posts

    Security token doesn't match, possible CSRF attack. Link to this post

    Hi Guys,

    This has me stumped. Just thought I would ask here before I try to work on a work around.

    I have a very simple form below that I am trying (had a much more complex form and it gave the error so I have dumbed it down and I'm still getting the error).

    Anyway, anytime I try to display the form like

    http://domain.com/AddItemPage/MyForm

    I get the screen

    Security token doesn't match, possible CSRF attack.

    Am I just brain dead this morning and missing something glaringly obvious?

    Thanks in advance for the help.

    Cheers,
    Colin

    <?php

    class AddItems extends Page {

       public static $db = array(
       );

       public static $has_one = array(
       );

    static $icon = "cms/images/famfam-silk/application_view_list";

    function getCMSFields() {

    $fields = parent::getCMSFields();
    $fields->removeFieldFromTab("Root.Content.Main", "Content");

    return $fields;

    }
    }
    class AddItems_Controller extends Page_Controller {

    public function init() {
    parent::init();
    }

    //add our 'show' function as an allowed URL action
    public static $allowed_actions = array(
    'MyForm'
    );

    /**
    * Create a form with just a single field.
    *
    */
    public function MyForm() {
    $fields = new FieldSet(
    new TextField('Title', '<span class="required"></span>Title')
    );
    $actions = new FieldSet(
    new FormAction(
    'doSave',
    _t('MyForm.SAVE', 'Save')
    )
    );
    $validator = new RequiredFields(
    'Title'
    );

    $form = new Form(
    $this,
    'MyForm',
    $fields,
    $actions,
    $validator // optional
    );
    return $form;
    }

    public function doSave() {

    die('In doSave');
    }

    public function doDelete() {

    die('In doDelete');
    }

    }

  • ccburns
    Avatar
    Community Member
    74 Posts

    Re: Security token doesn't match, possible CSRF attack. Link to this post

    @rentboxapp replied to me via twitter and said

    "@ccburns you want to use $MyForm in the AddItem.ss template, rather than accessing it directly. ~SW"

    Which was the solution... Stupidly simple really

    Thanks

    3321 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.