[Authenticator] Invalid CSRF token (BC with SF 5.4) #44541
Comments
I have the same problem, but I don't use firewalls -> enable_csrf; I check CSRF inside of LoginFormAuthenticator like it shows in the Symfony doc: https://symfony.com/doc/current/security/custom_authenticator.html#passport-badges Also, the problem is only on the remote server (no domain, only IP). I cannot reproduce this locally. I can't find a solution, so I rolled back to 5.4.0
I found that break it.
I have the same issue when I upgrade Symfony 5.4.0 to 5.4.1. On local development I use
My session config was:

session:
    handler_id: null
    cookie_secure: 'auto'
    cookie_samesite: 'lax'
    storage_factory_id: session.storage.factory.native

Since 5.4.1, to resolve the problem (dev environment only) I changed cookie_secure:

session:
    handler_id: null
    cookie_secure: false
    cookie_samesite: 'lax'
    storage_factory_id: session.storage.factory.native
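A diagnostic for the `cookie_secure` difference in the comment above, as an added example that is not part of the original thread or of Symfony: it audits the `Set-Cookie` headers of a login response and flags a session cookie marked `Secure` on a plain-http URL. Such a cookie is only returned over secure channels, so the session that stores the CSRF token does not survive to the form POST. The cookie name `PHPSESSID`, the function names and the sample headers are constructed assumptions.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # flag attributes map to ""
    return name.strip(), value.strip(), attrs


def audit_session_cookie(url, set_cookie_headers, session_name="PHPSESSID"):
    """Return findings for the session cookie that the response to `url` sets."""
    scheme = urlsplit(url).scheme.lower()
    findings, seen = [], False
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name != session_name:
            continue
        seen = True
        secure = "secure" in attrs
        if secure and scheme == "http":
            # Cookie is never sent back over http: session and CSRF token are lost.
            findings.append("secure-on-http")
        if not secure and scheme == "https":
            findings.append("insecure-on-https")
        if attrs.get("samesite", "").lower() == "none" and not secure:
            findings.append("samesite-none-without-secure")
    if not seen:
        findings.append("no-session-cookie")
    return findings


# Constructed sample responses (cookie values are made up).
SAMPLES = [
    ("http://foo.local:8001/login",
     ["PHPSESSID=abc123; path=/; secure; httponly; samesite=lax"]),
    ("http://foo.local:8001/login",
     ["PHPSESSID=abc123; path=/; httponly; samesite=lax"]),
    ("https://foo.local/login",
     ["theme=dark; path=/", "PHPSESSID=abc123; path=/; HttpOnly; SameSite=None"]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_session_cookie(url, headers) or "ok")
```
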
I think those issues are all about
I confirm, reverting this PR solves the problem :)
Can you try out #44518 and see if this fixes your issue?
I can confirm this as well
@alexander-schranz I should've read all the comments! Yes, that seems to do the trick too. Thanks!
@Jelle-S Thank you for testing!
@alexander-schranz It does the job :)
Thank you
Hi,
Now the default value in
@chiqui3d Hi, did you find a solution with version 5.4.4? I have tried on version 6.0.0 and it works for me.
If you are on dev env and using base http for request then you should define
@Jonathanlight What do you mean? I am on 6.0.7 and still have this error:
If you still have issues, it would be good if somebody provided a repository based on a minimal
I just created a new project (6.0.8), used maker bundle to add a user class and a login form, and still have "Authenticator does not support the request". I can't figure out what to change and where from the linked post in this topic, and I suppose it's not the right place to discuss the matter :).
I don't even have an error with wrong password.
Hi, @fecambot In my case, there are no error messages because there is a double redirect triggered. Try to look at your Symfony logs. What I have there are 2 requests. The first is to the Authenticator and it fails with "Invalid CSRF token". Then it redirects to login again, and now there is your "does not support the request" error. Will be happy to provide any further information.
I'm using Wamp on a Windows 10 box, I'll look into updates and check again.
Symfony version(s) affected
5.4.1
Description
Can't authenticate with FormLoginAuthenticator.
How to reproduce
The Symfony app is served by nginx running on Docker.
If I try to log in using a hostname:
=> foo.local:8001/login
Got error:
If I try to log in using a hostname:
=> foo.local:8001/login : it works
Downgrading Symfony to 5.4.0 solves the problem.
Possible Solution
No response
Additional Context
No response