Symfony2 - Passing POST from plain HTML form in one controllers action to another controllers action

Question

I've just started on using Symfony (version 2.2.1) and have ran into a little problem.

I have a plain HTML form (non-Symfony) in IntraController->indexAction and I want it to post to AuthController->loginAction. When I want to check in loginAction to see if the POST is getting passed to it, it just shows me an empty object.

My HTML form is as follows:

<form class="form-signin" action="auth/login" method="post">
  <h2 class="form-signin-heading">Admin Access</h2>
  <div class="input-prepend">
    <span class="add-on" style="padding: 7px 9px;"><i class="icon-user"></i></span>
    <input type="text" name="a_username" class="input-block-level" placeholder="Username...">
  </div>
  <div class="input-prepend">
    <span class="add-on" style="padding: 7px 9px;"><i class="icon-lock"></i></span>
    <input type="password" name="a_password" class="input-block-level" placeholder="Password...">
  </div>
  <button class="btn btn-success" name="post_auth" type="submit">Authenticate</button>
  <a class="btn" href="../">Return to Homepage</a>
</form>

And this is how I'm trying to get the POST request in loginAction:

public function loginAction(){
    return new Response(serialize($this->getRequest()->request->all()));
}

I've also tried getting a single POST item using:

return new Response(serialize($this->getRequest()->request->get('a_username')));

Sadly I'm getting an empty POST so I'm guessing that it gets emptied when it goes to auth/login. How could I preserve the POST data so it doesn't get emptied?

checked if there is no redirect in between? check if the aut form requires a csrf token? — Andreas Linden, Jul 02 '13 at 13:22
I checked and there are no redirects in between. I'm not 100% sure but I think it doesn't require it. — Karl Viiburg, Jul 02 '13 at 13:43

score 0 · Answer 1 · answered Jul 02 '13 at 13:47

0

You are missing the CSRF key. You won't be able to use static forms like this unless you explicitly disable CSRF protection.

answered Jul 02 '13 at 13:47

Rob W

9,134
1
30
50

Is there a specific place I have to disable it in? I tried setting csrf_protection to false in both config.yml and config_dev.yml but my POST object was still empty. – Karl Viiburg Jul 02 '13 at 14:02
Still no luck. I disabled csrf globally from config.yml, in security.yml I don't have such entry as csrf_provider (probably because I'm not using FOSUserBundle). I did a full-scale search on my project for csrf_provider and removed/disabled it where I could. But still the POST is empty. – Karl Viiburg Jul 02 '13 at 14:39
I found the problem. The problem wasn't in CSRF nor server-side, it was the form. I examined what was happening in profiler and noticed that a POST is done to auth/login but from there it redirected to auth/login/ (the last slash) and it automatically turned into a GET and the POST was dumped. I got it fixed by adding the last slash in my form action. But thank-you for your time to help. :) – Karl Viiburg Jul 02 '13 at 16:15

Symfony2 - Passing POST from plain HTML form in one controllers action to another controllers action

1 Answers1