When I remove @NoCSRFRequired -> CSRF Check failed

Dear Everybody,

My application : GitHub - baimard/gestion

When I remove in my controller the @NoCSRFRequired

I have this error message :

 Accès non autorisé (Acces not authorised)
CSRF check failed

I try to remove the @NoCSRFRequired in index() and devis()

Is there something I don’t do well ?

why do you remove it? There shouldn’t be a CSRF check for those routes. Leave the annotation.

Thank you,

but CSRF check is there for security reason, if I leave this annotation, is that doesn’t cause any security problem ?

you have to evaluate the risk of the route. the GET route that loads the page won’t impose a CSRF issue in most applications. When that’s the case then a user won’t need to specify a token for the route.