I am using AngularJS to submit some data to Symfony Forms
I am not very familiar with CSRF Protection sorry if whatever I say is nonsense
I actually have two form generated in the Page with each a CSRF Token which I retrieve in my controller with ng-init
<div ng-init="controller.firstCsrfToken='{{ csrf_token('first_symfony_form') }} ; controller.secondCsrfToken='{{ csrf_token('second_symfony_form') }}">
I then send the data with angular
formData={
'first_symfony_form[data]':'foo',
'first_symfony_form[_token]':this.firstCsrfToken,
};
$http({
method: 'POST',
url: first_URL,
data : $.param(formData),
headers : {'Content-Type': 'application/x-www-form-urlencoded'}
}).success(function(data){
alert('This actually worked');
});
I have two function which submit POST data to the controller in that fashion, both are identical and perfectly send the data. But once in the controler, only one work ( the form is valid, submitted and handle the data like it should ) while the other gives back an error saying that the CSRF Token is invalid
Before coming here I have read that when two CSRF token are generated, only one is valid ( or only one cookie is valid , not really sure )
How can I send POST data then to two different URL that require tokens ? Can I use the same token for the two action ? Or if it is not possible, how can I add such security to AJAX operation ?
