问题
i'm building a mobile app talking to my symfony2 app via webservices I can't find a way to disable csrf protection on a specific controller/action
i want to post registration data to this action and use sf2 form validation. I do not call the form in my mobile app
Can't change container parameters in action, throw an exception because it is a frozen parameter...
I do not want to disable form protection for whole my application
any clue ?
thanks !
update: with symfony 2.1.x
/**
* {@inheritdoc}
*/
public function setDefaultOptions(OptionsResolverInterface $resolver)
{
$resolver->setDefaults(array(
'csrf_protection' => false,
));
}
回答1:
If you're looking for a bit easier and faster solution than suggested in answer above, here's how:
<?php
// ...
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilder;
use Symfony\Component\OptionsResolver\OptionsResolver;
class MyType extends AbstractType
{
// ...
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults(array(
'csrf_protection' => false,
));
}
}
.. or if you're using older versions (Symfony 2.0.*):
<?php
// ...
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilder;
class MyType extends AbstractType
{
// ....
public function getDefaultOptions(array $options)
{
$options = parent::getDefaultOptions($options);
$options['csrf_protection'] = false;
return $options;
}
}
Consult the Symfony documentation for additional information.
Edit: updated answer to latest Symfony version, thanks naitsirch
回答2:
Using the form factory
For those who want to create a simple form in a controller:
$form = $this->container->get('form.factory')
->createNamedBuilder(null, 'form', null, array('csrf_protection' => false))
->add('yourField','text', array(
'label' => false,
'mapped' => false
))
->getForm();
回答3:
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults([
'csrf_protection' => false,
]);
}
回答4:
Using the form factory in Symfony 3
use Symfony\Component\Form\Extension\Core\Type\FormType;
$form = $this->container->get('form.factory')
->createNamedBuilder(null, FormType::class, null, array('csrf_protection' => false))
->add('yourField','text', array(
'label' => false,
'mapped' => false
))
->getForm();
Adapted from Mick's answer
回答5:
I can't be 100% sure but I think I read somewhere that you can pass csrf_provider option while creating form.
All providers are subtypes of interface Symfony\Component\Form\Extension\Csrf\CsrfProvider and you should be able to create your own:
class MyNonCsrfProvider extends DefaultCsrfProvider{
public function isCsrfTokenValid($intention, $token)
{
return true;
}
}
and in controller:
$this->createForm(new CustomFormType(), array(
'csrf_provider' => new MyNonCsrfProvider()
));
I haven't tried this myself but this sounds like a possible solution...
来源:https://stackoverflow.com/questions/9887451/disable-symfony-2-csrf-token-protection-on-ajax-submit