Cakephp CSRF 不匹配

Question

以下是我的AppController.php

public function initialize()
{
    parent::initialize();
    $this->loadComponent('Csrf');
    $this->loadComponent('RequestHandler', [
        'enableBeforeRedirect' => false,
    ]);
    $this->loadComponent('Auth', [
        'unauthorizedRedirect' => [
            'controller' => 'Users',
            'action'     => 'login'
        ],
        'storage' => 'Session'
    ]);
    
    $this->loadComponent('Flash');

    
    /*
     * Enable the following component for recommended CakePHP security settings.
     * see https://book.cakephp.org/3/en/controllers/components/security.html
     */
    //$this->loadComponent('Security');
}

和我的Application.php

 public function middleware($middlewareQueue)
    {
        $options = ['httpOnly' => true];
        $csrf = new CsrfProtectionMiddleware($options);
        $middlewareQueue            
            ->add(new ErrorHandlerMiddleware(null, Configure::read('Error')))
            ->add(new AssetMiddleware([
                'cacheTime' => Configure::read('Asset.cacheTime'),
            ]))
            ->add(new RoutingMiddleware($this))
            ->add($csrf);

        return $middlewareQueue;
    }

以下是我的看法。

<form action="<?= Router::url(['controller' => 'Users', 'action' => 'registration']) ?>" method="POST">
                            <input type="hidden" name="_csrfToken" value="<?= $this->request->getParam('_csrfToken'); ?>" />

</form>

不过，当我提交表格时它说

Answer 1

尝试使用 CakePHP Form Helper

制作表格

<?= $this->Form->create($users, ['url' => ['controller' => 'Users', 'action' => 'registration']]) ?>
....
<?= $this->Form->end() ?>

Cakephp CSRF 不匹配

Cakephp CSRF mismatch

php

cakephp

csrf