php – The CSRF token is invalid. Please try to resubmit the form

php – The CSRF token is invalid. Please try to resubmit the form

You need to add the _token in your form i.e

{{ form_row(form._token) }}

As of now your form is missing the CSRF token field. If you use the twig form functions to render your form like form(form) this will automatically render the CSRF token field for you, but your code shows you are rendering your form with raw HTML like <form></form>, so you have to manually render the field.

Or, simply add {{ form_rest(form) }} before the closing tag of the form.

According to docs

This renders all fields that have not yet been rendered for the given
form. Its a good idea to always have this somewhere inside your form
as itll render hidden fields for you and make any fields you forgot
to render more obvious (since itll render the field for you).

form_rest(view, variables)

Also you can see this error message when your form has a lot of elements.

This option in php.ini cause of problem

; How many GET/POST/COOKIE input variables may be accepted
 max_input_vars = 1000

Problem is that _token field misses PUT (GET) request, so you have to increase value.

Also, it concerns a big files. Increasing the


option will solve problem.

php – The CSRF token is invalid. Please try to resubmit the form

This happens because forms by default contain CSRF protection, which is not necessary in some cases.

You can disable this CSRF protection in your form class in getDefaultOptions method like this:

// Other methods omitted

public function getDefaultOptions(array $options)
    return array(
        csrf_protection => false,
        // Rest of options omitted

If you dont want to disable CSRF protection, then you need to render the CSRF protecion field in your form. It can be done by using {{ form_rest(form) }} in your view file, like this:

<form novalidate action={{path(signup_index)}} method=post {{form_enctype(form)}} role=form class=form-horizontal>
    <!-- Code omitted -->

    <div class=form-group>
        <div class=col-md-1 control-label>
            <input type=submit value=submit>

    {{ form_rest(form) }}

{{ form_rest(form) }} renders all fields which you havent entered manually.

Leave a Reply

Your email address will not be published.