Score:2

CSRF token is not varying in Ajax callback while submitting form


I have a form with an Ajax callback as follows. On each submit the token is not varying; it remains constant for all submits.

wall.routing.yml

wall.commentform:
  path: '/commentform'
  defaults:
    _title: 'Comment form'
    _form: '\Drupal\wall\Form\WallCommentPost'
  requirements:
    _permission: 'access content'
    _csrf_token: 'TRUE'

In the form, as follows:

WallCommentPost.php

// Excerpt from WallCommentPost::buildForm(). The class needs these imports at the top of the file:
//   use Drupal\Core\Url;
//   use Drupal\Core\Form\FormBuilderInterface;
// $nid and $ajax_class are set earlier in the method (not shown here).
$ajax = [
  'callback' => [$this, '_wall_comment_ajax_form_post'],
  'wrapper' => 'field-type-replace-comment',
  'event' => 'click',
  'progress' => [
    'type' => 'throbber',
    'message' => '',
  ],
];

$form['wall_submit'] = [
  '#type' => 'submit',
  '#value' => 'Submit',
  '#ajax' => $ajax,
  '#prefix' => '<div class="col-12 p-1 d-flex justify-content-between"><div class="file_name_insert file_name_insert_data-' . $nid . ' pl-4 text-truncate"></div>',
  '#suffix' => '</div>',
  '#attributes' => [
    'class' => [
      'btn',
      $ajax_class,
      'd-none',
      'subbtn-' . $nid,
    ],
    'disabled' => 'disabled',
  ],
];

// Generate a CSRF token for the route's internal path ("commentform") and
// append it, together with the Ajax request marker, to the form action URL.
$url = Url::fromRoute('wall.commentform');
$token = \Drupal::csrfToken()->get($url->getInternalPath());

$form['#action'] = $url
  ->setOption('query', [
    FormBuilderInterface::AJAX_FORM_REQUEST => 1,
    'token1' => $token,
  ])
  ->toString();
miststudent2011: I see $token is commented out. Is it intentional, or did you miss it?

Monika: By default that URL itself generates the token. I just tested this way by forcefully adding the token; still it remains a constant value.

Jaypan: I can't understand what you're trying to do. I can see how you're trying to do it, but I don't understand what your goal is, or what is working contrary to what is expected. Not enough information.

miststudent2011: Maybe this helps: https://drupal.stackexchange.com/a/268262/ ?

Monika: The CSRF token should vary on each submit request; that is my goal. As of now the CSRF token passed in the URL remains constant. How do I vary the token value on each submit request?
Score:0

After further digging I found out the cause of the CSRF token not varying.

The CSRF token is dependent on the session, so as long as the session is the same the CSRF token stays the same.

Log out, log in again and submit the form; you will get a new token.

There is an issue reported on Drupal.org for the same; even though it is fixed for Drupal 8, it is not working as expected.
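As an added illustration (not code from the original post or from Drupal itself), the following Python model shows why the token is constant within a session: Drupal derives it as an HMAC of the value (here the route's internal path) keyed by a per-session seed plus the site's private key and hash salt, so the token only changes when the value or the session seed changes. The PRIVATE_KEY and HASH_SALT values and the Session class are constructed stand-ins for Drupal's real settings and session storage.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed stand-ins for Drupal's site-wide private key and hash salt
# (the real values live in the key/value store and settings.php; these are fake).
PRIVATE_KEY = "constructed-private-key"
HASH_SALT = "constructed-hash-salt"


def hmac_base64(value: str, key: str) -> str:
    """URL-safe, unpadded base64 of HMAC-SHA256, mirroring Drupal's Crypt::hmacBase64()."""
    digest = hmac.new(key.encode(), value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


class Session:
    """Minimal model of a Drupal session: the CSRF seed is created once per session."""

    def __init__(self) -> None:
        # Drupal keeps this seed in the session metadata bag for the session's lifetime.
        self.csrf_seed = secrets.token_hex(32)


def csrf_token_get(session: Session, value: str) -> str:
    """Model of CsrfTokenGenerator::get(): HMAC of the value keyed by seed + site secrets.
    Seed, private key and salt are fixed while the session lives, so the same value
    always yields the same token; only a new session (new seed) rotates it."""
    return hmac_base64(value, session.csrf_seed + PRIVATE_KEY + HASH_SALT)


def csrf_token_validate(session: Session, token: str, value: str) -> bool:
    """Model of CsrfTokenGenerator::validate(): recompute and compare in constant time."""
    return hmac.compare_digest(token, csrf_token_get(session, value))


def demo() -> dict:
    """Reproduce the behaviour from the question and the answer."""
    s1 = Session()
    first = csrf_token_get(s1, "commentform")
    second = csrf_token_get(s1, "commentform")    # same session, same path -> same token
    other_path = csrf_token_get(s1, "otherform")   # same session, other path -> different
    s2 = Session()                                 # logout/login creates a fresh seed
    after_relogin = csrf_token_get(s2, "commentform")
    return {
        "same_session_constant": first == second,
        "path_bound": first != other_path,
        "new_session_rotates": first != after_relogin,
        "validates": csrf_token_validate(s1, first, "commentform"),
        "rejects_foreign_session": not csrf_token_validate(s2, first, "commentform"),
    }
```

A token that stays constant within a session is the expected behaviour of this synchronizer-token design; the protection comes from the token being bound to the session and checked with a constant-time comparison, not from it changing on every request.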
