Zikula CSRF token is invalid

Question

I'm modifying the template edit.html.twig in order to hide any fields. I have modified the editAction in my controller for load my template too. I'm having a problem with the CSRF. The token CSRF is not valid, when I submit the form. I have tried to reload the form, but I have the same result. (The module was created in MOST 1.1.0 and ZK 2.0.2, and I'm modifying the edit.html.twig)

What's the problem?

I have tried insert the fields that I erased, but the problem persist.

Message Error: "The CSRF token is invalid. Please try to resubmit the form." _token ( "Symfony\Component\Form\Extension\Core\Type\HiddenType" )

I have detected that the token is not created in the template. If i have this code, the token is generated. {{ form_end(form) }}
If i change the code to: {{ form_end(form, {'render_rest': false}) }} The token is not generated.

So, i have add {{ form_widget(form._token) }} Now the token is generated, but when i submit the form, i have the same message "The CSRF token is invalid. Please try to resubmit the form."

Answer 1

You should use

{{ form_end(form) }}

again and do the following in order to remove the unwanted fields.

Edit modules/YourVendor/YourAppModule/Form/Type/YourFormType.php and add something like:

use Symfony\Component\Form\FormBuilderInterface;

...

/**
 * @inheritDoc
 */
public function buildForm(FormBuilderInterface $builder, array $options)
{
    parent::buildForm($builder, $options);

    $builder->remove('yourUnwantedField');
}

Finally add the path to file which has been amended to the skipFiles property of your model's settings container:

skipFiles "
    Form/Type/YourFormType.php
"

This ensures the generator won't re-create and override this file, so your custom code is kept also after regenerations.