Home/ Questions/Q 850937
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T07:20:51+00:00

What is the best way of creating functional tests to test forms with CSRF

  • 0

What is the best way of creating functional tests to test forms with CSRF protection enabled in Symfony?

Currently I have to add the following code before each form submittion:

  $form = new sfGuardFormSignin();
  $token = $form->getCSRFToken();
  $token_name = $form->getCSRFFieldName();

Then I add the $token and $token_name to form parameters like this:

call('/login', 'POST', array (
    'signin' => 
    array (
      'username' => $username,
      'password' => $password,
      $token_name => $token,
    )))

The option suggested in the documentation:

'_with_csrf' => true,

Doesn’t work at all.

Is there more simple way to avoid adding token to each form tested manually? Or is there a way to turn off csrf checking when running tests?

The way I’ve described above is ok when you have to test 1-2 forms but if project contains tens unique forms it becomes a pain.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Of course, you can’t use _with_csrf option if you call directly the url.
    You must pass from the form page, clicking on the submit button.
    Like so:

    click('signin', array('signin' => array('username' => $username, 'password' => $password), array('_with_csrf' => true)))

    The string ‘signin’ must be adapted to your form. You can also use a more label-independent string, like ‘form#myform input[type=”submit”]’ instead of ‘signin’, adapting the id of your form.

    As already suggested, you can disapble CSRF for login, it’s really useful for forms that modifies data.

    • 0