That means that you’ve got a post form that’s submitting an invalid CSRF token. See https://book.cakephp.org/3.0/en/controllers/middleware.html#csrf-middleware for more information.
If you would like any more help, you’re going to have to give us way more information that just a small snippet of a screenshot.
1 Like
It was ok before upgrade to 3.6.
I replaced bin and config dir
added src/Application.php
Error appear when i login. I use cakedc users plugin
Have you followed the full 3.6 migration guide?
I see you are still using the old CsrfComponent, you need to use the new middleware in 3.6
Based on that, I assume that you’ve used the default one, which automatically loads the middleware CSRF protector. This would clash with the component, and could quite easily cause the issue you are seeing.
1 Like
OK should i remove components from Appcontroller
$this->loadComponent('Security');
$this->loadComponent('Csrf');Hello,
You should remove loadComponent(‘Csrf’). It’s deprecated.
However, it’s not the cause of your problem.
You should upgrade your CakeDC/Users plugin to the newest version to be compatible with CakePHP 3.6.
Remember to change your configuration files of CakeDC/Users (permission and users) after upgrading. Use the sample files to make changes.
It took me a few days to fix all errors when migrating to CakePHP 3.6. The CSRF error is the most annoying thing to me. I had to search, try-and-fail a lot of times. Most of the time, it happens when calling AJAX.
If you have any trouble, I can help you.
1 Like
Thanks for your reply.
Yes. I removed Csrf component and upgraded Debug kit and Users plugin now it works good.
I am building rest API. I configured CORS on middleware and it work good.
Can you help me, ???
I didn’t know how to upgrade and remove the loadcomponent