We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.
  1. Home
  2. Security

CSRF not working

Hi, I have this code in a form class:


    $csrf = new Hidden('csrf', array(
      "name" => $this->security->getTokenKey(),
      "value" => $this->security->getToken()
    ));
    $csrf->addValidator(new Identical(array(
      'value' => $this->security->getSessionToken(),
      'message' => 'CSRF validation failed.'
    )));

And I tried to test if it works correctly changin the csrf input value with firebug or changing the validator value but it allways pass. Some help? Thx!!

1


51.2k
Accepted
answer

For some reason, this is not working anymore. I ended up checking it like here: https://docs.phalcon.io/en/latest/reference/security.html#cross-site-request-forgery-csrf-protection



37.4k

validate it via post , send it via post request to a controller then verify with $this->security->checkToken()