Ajax jquery Error cakephp 3.6.10 (Solved)


Hello. Im making a simple select change. But I have a problem ang getting the following error:

Error: [Cake\Http\Exception\InvalidCsrfTokenException] CSRF token mismatch.

This is my function on the controller:

public function municipios() {

    $subregion = $this->request->getData['subregion_id'];

        $municipios = $this->Municipios->find('list',[
            'limit' => 200,

            'conditions' => ['Municipios.subregion_id' => $subregion],
            'contain' => ['Subregiones']


        $this->set('_serialize', 'municipios');


This is my jquery ajax:

$(document).ready(function () {
    function (event) {
    data: $("#subregion-id").serialize(),
    function (data, textStatus) {
      type:"post", url:"\/lavaderos\/municipios"});
  return false;

I read on the documentation that need a token but I dont know how to do it.

That code work fine in 3.5.x but no in 3.6.x

Thank you


This may help


Thanks rdd. Not woking :frowning:


are you using CSRF in your application ? if so you need to read the CSRF component with javascript in order to submit the post ajax request from jQuery !


No, only I need filter a select like countries states. Work fine in cakephp 3.5.


you must get an error. what does your logs look like? see in the error logs. You may find the answer there !


Error log:

2018-08-08 10:04:28 Error: [Cake\Http\Exception\InvalidCsrfTokenException] CSRF token mismatch.
Request URL: /lavaderos/municipios
Referer URL: http://localhost:8765/lavaderos/add

I dont Know what is “CSRF token mismatch”, first time that happen.

The function and the jquery script previosly mentioned work fine in cakephp 3.5.x but not working on 3.6.10


Like I said before, you have to read the CSRF to send in your post request from $.ajax() so your controller reads it and treats your request as a legit request from the web-app. I am not sure if cakePhP 3.6 has the CSRF component loaded by default. Check the resources on the website about the CSRF component.


Ultimately, try to disable the component on your controller just for testing purposes, I DO NOT RECOMMEND to disable it on production.

public function beforeFilter(Event $event)


Like I said before i dit it but nothing happend. Please if you dont know the answer dont write. Thank you and bye.


The answer is right in front of your eyes, I can see it and I know what your problem is, I told you the answer, the fact you expect people to write the code for you is another entire different thing, but have it your way, bye !


bye! dont write anymore!


what a child, shame on you big baby, shame !


That is my problem if I am a “big baby”, not you. Mind your own bussiness.

It is assumed that this site is to consult problems that one has with cakephp and not deal with psychological problems. If you bother the question simply do not answer.

I have seen other answers from you and you are really embarrassing.


I found the solution. Just add new line in jquery script:

$(document).ready(function () {
    function (event) {
    data: $("#subregion-id").serialize(),
    beforeSend: function (xhr) { // Add this line
        xhr.setRequestHeader('X-CSRF-Token', $('[name="_csrfToken"]').val());
    },  // Add this line
    success:function (data, textStatus) {
      type:"post", url:"\/lavaderos\/municipios"});
  return false;

[solved] CSRF cookie not found by Angular front app (3.6.10)