I am using this twig and standalone symfony form and validator component:

use Symfony\Component\Validator\Constraints as Assert; // other use lines ommitted to shorten the code. $defaultFormTheme = 'bootstrap_4_horizontal_layout.html.twig'; $csrfGenerator = new UriSafeTokenGenerator(); $csrfStorage = new NativeSessionTokenStorage(); $csrfManager = new CsrfTokenManager($csrfGenerator, $csrfStorage); $formEngine = new TwigRendererEngine([$defaultFormTheme], $twig); $twig->addRuntimeLoader(new FactoryRuntimeLoader([ FormRenderer::class => function () use ($formEngine, $csrfManager) { return new FormRenderer($formEngine, $csrfManager); }, ])); $twig->addExtension(new FormExtension()); $translator = new Translator('fr_FR'); $translator->addLoader('php', new \Symfony\Component\Translation\Loader\PhpFileLoader()); $translator->addResource('php', ROOT.'/translations/messages.fr.php', 'fr_FR'); $twig->addExtension(new TranslationExtension($translator)); $formFactory = Forms::createFormFactoryBuilder() ->addExtension(new CsrfExtension($csrfManager)) ->addExtension(new ValidatorExtension(Validation::createValidator())) ->getFormFactory(); $form = $formFactory->createBuilder() ->add('firstnameEn', TextType::class, [ 'constraints' => [new Assert\Length(['min' => 3])] ]) ->add('lastnameEn', TextType::class) ->add('email', EmailType::class) ->add('birthDate', TextType::class) ->add('password', PasswordType::class) ->add('applyCard', CheckboxType::class) ->add('showPhoto', CheckboxType::class) ->add('privacyRead', CheckboxType::class) ->getForm(); $form->handleRequest(); if ($form->isSubmitted() && $form->isValid()) { $errors = $form->getErrors(); var_dump($errors); $data = $form->getErrors(); var_dump($data); print("debug pring"); } else { $errors = $form->getErrors(); var_dump($errors); $data = $form->getErrors(); var_dump($data); print("debug pring"); } echo $twig->render('signup.html', ['form' => $form->createView(), 'title' => 'title', ]);

I looked html source and I see there is field like:

<input type="hidden" id="form__token" name="form[_token]" value="YTm....." />

But I always get an invalid csrf token error, after submitting the form even with a fresh form page. What mistake I did? Should I do something else in this code too?