Forms on Wordpress routes empty CSRF token

Hi there,

I’ve a problem with forms on wordpress pages, this has something to do with the session handling I think.

I’ve setup my request handler in the middleware group

Route::group(['middleware' => 'web'], function () {
    Route::post('/request-contact', [ContactController::class, 'submit'])->name('contact.submit');

My form is inside a anonymous component, that’s included on a Wordpress page template.

<form method="POST" action="{{ route('contact.submit') }}">

The form renders, but with an empty CSRF token.
I’ve seen a similar thread with the following solution:

add_action('wp_loaded', fn () => app('session')->isStarted() || app('session')->start());

But this gives me the error:

Attempt to read property "cookies" on null

Is there some configuration that i’m missing?


Unfortunately this doesn’t work.

what version of Acorn are you on? assuming it’s 4.1, I can try to look into this soon.

Yes, i’m running on 4.1, thank you!

Are you publishing the Acorn configuration? I remember there are some providers that need to be added but I forgot which one.

I have tested it with fresh Acorn 4.1 and Sage, and it’s working as expected.

<form method="POST">
      <input type="hidden" name="_token" value="ae2hD7SqWWt836tEiOTUqFoBegG1pGnqyJeqTcQa" autocomplete="off">

Here’s the repo for the test: CSRF Token Workaround

1 Like

Thanks for your response, I think I messed something up in my Radicle config. It works with a fresh install.

1 Like