发表新帖
发表新帖

Disable symfony 2 csrf token protection on ajax submit

后端 未结
关注
5 414
遇见更好的自我
遇见更好的自我 2020-12-08 13:07

i\'m building a mobile app talking to my symfony2 app via webservices I can\'t find a way to disable csrf protection on a specific controller/action

i want to post r

相关标签:
5条回答
  • 一整个雨季
    2020-12-08 13:26

    Using the form factory in Symfony 3

    use Symfony\Component\Form\Extension\Core\Type\FormType;

$form = $this->container->get('form.factory')
    ->createNamedBuilder(null, FormType::class, null, array('csrf_protection' => false))
    ->add('yourField','text', array(
        'label' => false,
        'mapped' => false
    ))
    ->getForm();

    Adapted from Mick's answer

    0 讨论(0)
  • 傲寒
    2020-12-08 13:46

    If you're looking for a bit easier and faster solution than suggested in answer above, here's how:

    <?php

// ...

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilder;
use Symfony\Component\OptionsResolver\OptionsResolver;

class MyType extends AbstractType
{
    // ...

   public function configureOptions(OptionsResolver $resolver)
    {
        $resolver->setDefaults(array(
            'csrf_protection' => false,
        ));
    }
}

    .. or if you're using older versions (Symfony 2.0.*):

    <?php

// ...

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilder;

class MyType extends AbstractType
{
    // ....

    public function getDefaultOptions(array $options)
    {
        $options = parent::getDefaultOptions($options);
        $options['csrf_protection'] = false;

        return $options;
    }
}

    Consult the Symfony documentation for additional information.

    Edit: updated answer to latest Symfony version, thanks naitsirch

    0 讨论(0)
  • 执笔经年
    2020-12-08 13:48

    I can't be 100% sure but I think I read somewhere that you can pass csrf_provider option while creating form.

    All providers are subtypes of interface Symfony\Component\Form\Extension\Csrf\CsrfProvider and you should be able to create your own:

    class MyNonCsrfProvider extends DefaultCsrfProvider{
    public function isCsrfTokenValid($intention, $token)
    {
        return true;
    }
}

    and in controller:

    $this->createForm(new CustomFormType(), array(
    'csrf_provider' => new MyNonCsrfProvider()
));

    I haven't tried this myself but this sounds like a possible solution...

    0 讨论(0)
  • 攒了一身酷
    2020-12-08 13:50

    Using the form factory

    For those who want to create a simple form in a controller:

    $form = $this->container->get('form.factory')
    ->createNamedBuilder(null, 'form', null, array('csrf_protection' => false))
    ->add('yourField','text', array(
        'label' => false,
        'mapped' => false
    ))
    ->getForm();
    0 讨论(0)
  • 灰色年华
    2020-12-08 13:52 
    public function configureOptions(OptionsResolver $resolver)
{
    $resolver->setDefaults([
        'csrf_protection' => false,
    ]);
}
    0 讨论(0)
 看不清?
提交回复
热议问题