dkplus/csrf-api-unprotection-bundle

Disables CSRF token validation for all URLs that match a given expression.

v2.2.1 2019-01-10 09:27 UTC

This package is auto-updated.

Last update: 2024-11-10 21:53:32 UTC


README

When developing stateless REST APIs you do not want CSRF token validation. Fortunately, FOSRest provides the ability to disable it.

That solution does not work if you do not have a ROLE for all API users.

This bundle disables the CSRF token validation based on the URL of the request. So if your API has a global prefix like /api/, you can disable the CSRF token validation for all your API forms.

Installation

Step 1: Download the Bundle

Installation of this bundle uses Composer. It requires you to have Composer installed globally. For Composer documentation, please refer to getcomposer.org.

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:

composer require dkplus/csrf-api-unprotection-bundle

Step 2: Enable the Bundle within your AppKernel

Then, enable the bundle by adding the following line in the app/AppKernel.php file of your project:

<?php
class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = array(
            // …

            new Dkplus\CsrfApiUnprotectionBundle\DkplusCsrfApiUnprotectionBundle,
        );

        // …
    }

    // …
}

That's everything you need :-)

Configuration

The default configuration disables the CSRF token validation for all URIs that begin with /api/, regardless of which environment you are using.

dkplus_csrf_api_unprotection:
    rules:
        match_uri:
            - "#^(/app(_[a-zA-Z]*)?.php)?/api/#"
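
A way to check which URIs a match_uri rule would exempt from CSRF validation before deploying it. This is an added example, not code from the bundle. It assumes each pattern is applied to the request URI the way preg_match() does; unprotectedUris(), the unanchored rule and the sample URIs are constructed for illustration.

```php
<?php
// Added example, not part of the bundle.
// Assumption: each match_uri entry is a PCRE pattern applied to the request URI.

/** Returns the URIs from $uris that at least one pattern matches. */
function unprotectedUris(array $patterns, array $uris): array
{
    $hits = [];
    foreach ($uris as $uri) {
        foreach ($patterns as $pattern) {
            $result = preg_match($pattern, $uri);
            if ($result === false) {
                throw new InvalidArgumentException("Invalid pattern: $pattern");
            }
            if ($result === 1) {
                $hits[] = $uri;
                break; // one matching rule is enough
            }
        }
    }
    return $hits;
}

// Default rule from the configuration above.
$default = ['#^(/app(_[a-zA-Z]*)?.php)?/api/#'];
// Hypothetical custom rule that drops the ^ anchor.
$unanchored = ['#/api/#'];

// Constructed sample URIs.
$uris = [
    '/api/users',
    '/app_dev.php/api/users',
    '/app.php/api/users',
    '/api',               // no trailing slash
    '/admin/api/users',   // /api/ is not at the start of the URI
    '/login?next=/api/',  // /api/ only appears in the query string
];

foreach (['default' => $default, 'unanchored' => $unanchored] as $name => $rules) {
    echo $name, ":\n";
    foreach (unprotectedUris($rules, $uris) as $uri) {
        echo "  CSRF validation off: $uri\n";
    }
}
```

With the default rule only the first three URIs are exempted; the unanchored rule also exempts /admin/api/users and /login?next=/api/, so keep the ^ anchor when writing custom rules.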