Calling Developers!
We are reenergizing our code contribution process! Learn More

What are the Slack Archives?

It’s a history of our time together in the Slack Community! There’s a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.

Because this space is not active, you won’t be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..

Hi everyone! I have a question about the CSRF Token. On my local machine i get this error: `The CSRF

U03R01D94R4 Posts: 1 🧑🏻‍🚀 - Cadet

Hi everyone! I have a question about the CSRF Token. On my local machine i get this error: The CSRF token is invalid. Please try to resubmit the form. (In all forms login, register, add to cart …)
The point is, that this is working for my colleagues on their machine and local env and also on production and staging just not on my machine. Any ideas?
Do i need to change anything in the configuration?


  • U019JM2HE7N
    U019JM2HE7N Posts: 61 🧑🏻‍🚀 - Cadet

    Does also Production not work on your local machine or is it just your local environment?

    If there are no differences between yours and your colleagues codebase, it also could be an interruption in the browser (e.g. by an extension)
    Could you verify if there is a corresponding hidden input element in the DOM present for the CSRF token?

    <input id="loginForm__token" name="loginForm[_token]" class="input input--expand" type="hidden" placeholder="" value="ec5cc50dc5ba61ab58f4.E-CUH5uxUCQibLjEi4ydYyKQMbG-oyZmWlvN36n1H_Y.Ktn5fqzHBRx6IdKT-8L-NUTaY4HGm35UCmurpfnHbY9ljtVz68sdQHczjA">

    You can also check if you are not overwriting block form_end from vendor/symfony/twig-bridge/Resources/views/Form/form_div_layout.html.twig, since {{ form_rest(form) }} adds the CSRF Token add the form end

  • UKHR9UN00
    UKHR9UN00 Posts: 70 🧑🏻‍🚀 - Cadet

    Maybe Spryker can't set Cookies.
    Please check the Response Headers and make sure the cookie domain is configured to the one matching your environment. In Chrome you'll see ⚠ next to set-cookie if there's something wrong.
    Config key probably would be something like \Spryker\Shared\Session\SessionConstants::YVES_SESSION_COOKIE_DOMAIN