I can't seem to get the CSRF to work. I have a custom form, and in the form I add the hidden input for the CSRF:

    private function csrfField()
    {
        $csrf = new Hidden('csrf', [
            'value' => $this->security->getToken()
        ]);
        $csrf->addValidator(new Identical(array(
            'value' => $this->security->getSessionToken(),
            'message' => 'Failed to create account. Try again.'
        )));
        $this->add($csrf);
    }

When I check the source, the CSRF token is present. But when I submit the form and check if the token is valid, it always comes back as false. Here is the method from my controller that's hit when the form is submitted.

    public function createAction()
    {
        $form = new CreateSnapForm();
        $form->bind($this->request->getPost(), new CreateSnapPostData());
        if ($this->security->checkToken()) {
            $this->flash->error($form->getMessages()[0]);
            $this->dispatcher->forward([ 'action' => 'index' ]);
            return;
        }
        ...

It always fails. What am I doing wrong here? If you need more info, feel free to ask.