# Forms on Wordpress routes empty CSRF token

**URL:** https://discourse.roots.io/t/forms-on-wordpress-routes-empty-csrf-token/26878
**Category:** acorn
**Created:** 2024-03-20T06:22:25Z
**Posts:** 7

## Post 1 by @captainhindsight — 2024-03-20T06:22:25Z

Hi there,

I’ve a problem with forms on wordpress pages, this has something to do with the session handling I think.

I’ve setup my request handler in the middleware group

```
Route::group(['middleware' => 'web'], function () {
    Route::post('/request-contact', [ContactController::class, 'submit'])->name('contact.submit');
});
```

My form is inside a anonymous component, that’s included on a Wordpress page template.

```
<form method="POST" action="{{ route('contact.submit') }}">
    @csrf
</form>
```

The form renders, but with an empty CSRF token.  
I’ve seen a similar [thread](https://discourse.roots.io/t/steps-to-use-livewire-with-acorn-4-0/26668) with the following solution:

```
add_action('wp_loaded', fn () => app('session')->isStarted() || app('session')->start());
```

But this gives me the error:

```
Attempt to read property "cookies" on null
```

Is there some configuration that i’m missing?

---

## Post 2 by @Log1x — 2024-03-20T06:39:26Z

you might need `ACORN_ENABLE_EXPERIMENTAL_WORDPRESS_REQUEST_HANDLER=true` set in `.env`

---

## Post 3 by @captainhindsight — 2024-03-20T07:28:14Z

Unfortunately this doesn’t work.

---

## Post 4 by @Log1x — 2024-03-20T07:42:29Z

what version of Acorn are you on? assuming it’s 4.1, I can try to look into this soon.

---

## Post 5 by @captainhindsight — 2024-03-20T08:23:37Z

Yes, i’m running on 4.1, thank you!

---

## Post 6 by @niznet — 2024-03-20T16:59:42Z

> [@captainhindsight](#):
>
> But this gives me the error:
> 
> ```
> Attempt to read property "cookies" on null
> ```
> 
> Is there some configuration that i’m missing?

Are you publishing the Acorn configuration? I remember there are some providers that need to be added but I forgot which one.

I have tested it with fresh Acorn 4.1 and Sage, and it’s working as expected.

```
<form method="POST">
      <input type="hidden" name="_token" value="ae2hD7SqWWt836tEiOTUqFoBegG1pGnqyJeqTcQa" autocomplete="off">
</form>
```

Here’s the repo for the test: [CSRF Token Workaround](https://github.com/iniznet/csrf-token-workaround/commits/main/)

---

## Post 7 by @captainhindsight — 2024-03-22T14:29:44Z

Thanks for your response, I think I messed something up in my Radicle config. It works with a fresh install.