dkplus / csrf-api-unprotection-bundle
Disables the CSRF-token validation for all URLs that match a given expression.
Installs: 5 389
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Requires
- php: ^5.6|^7
- beberlei/assert: ^2||^3
- symfony/config: ^2.8|^3|^4
- symfony/dependency-injection: ^2.8|^3|^4
- symfony/form: ^2.8|^3|^4
- symfony/http-foundation: ^2.8|^3|^4
- symfony/http-kernel: ^2.8|^3|^4
Requires (Dev)
- ocramius/finalizer: ^1.0
- phpunit/phpunit: ^4.7
README
When developing stateless REST APIs you do not want CSRF token validation. Fortunately, FOSRest provides the ability to disable it.
That solution does not work if you do not have a ROLE for all API users.
This Bundle disables the CSRF token validation based upon the URL of the request.
So if your API has a global prefix like /api/ you can disable the CSRF token validation for all your API forms.
Installation
Step 1: Download the Bundle
Installation of this Bundle uses Composer. It requires you to have Composer installed globally. For Composer documentation, please refer to getcomposer.org.
Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:
composer require dkplus/csrf-api-unprotection-bundle
Step 2: Enable the Bundle within your AppKernel
Then, enable the bundle by adding the following line in the app/AppKernel.php file of your project:
<?php
class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = array(
            // …
            new Dkplus\CsrfApiUnprotectionBundle\DkplusCsrfApiUnprotectionBundle,
        );
        // …
    }
    // …
}
That's everything you need :-)
Configuration
The default configuration disables the CSRF token validation for all URIs that begin with /api/ regardless of which environment you are using.
dkplus_csrf_api_unprotection:
    rules:
        match_uri:
            - "#^(/app(_[a-zA-Z]*)?.php)?/api/#"
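Before changing match_uri, it helps to list which URIs a rule set would exempt from CSRF validation. The script below is an added example, not code from the bundle: it assumes rules are applied with preg_match() against the request URI, and the sample URIs and the "loose" rule are constructed for illustration.

```php
<?php
/** Return [uri => pattern] for every URI matched by a rule (CSRF check disabled). */
function unprotectedUris(array $patterns, array $uris)
{
    $hits = [];
    foreach ($uris as $uri) {
        foreach ($patterns as $pattern) {
            $result = preg_match($pattern, $uri);
            if ($result === false) {
                throw new InvalidArgumentException("Invalid pattern: $pattern");
            }
            if ($result === 1) {
                $hits[$uri] = $pattern;
                break;
            }
        }
    }
    return $hits;
}

/** Flag patterns without a leading '^': they can match anywhere in the URI. */
function unanchoredPatterns(array $patterns)
{
    return array_values(array_filter($patterns, function ($p) {
        // The character after the opening delimiter must be '^'.
        return strlen($p) < 2 || $p[1] !== '^';
    }));
}

$ruleSets = [
    'default' => ['#^(/app(_[a-zA-Z]*)?.php)?/api/#'], // default rule from the README
    'loose'   => ['#/api/#'],                          // constructed: anchor dropped
];

// Constructed sample URIs for a hypothetical application.
$uris = ['/api/users', '/app_dev.php/api/users', '/apiary/docs',
         '/account/password', '/admin/api/keys/new'];

foreach ($ruleSets as $name => $patterns) {
    echo "== $name ==\n";
    foreach (unprotectedUris($patterns, $uris) as $uri => $pattern) {
        echo "CSRF validation disabled for $uri (rule $pattern)\n";
    }
    foreach (unanchoredPatterns($patterns) as $p) {
        echo "WARNING unanchored pattern: $p\n";
    }
}
```

With the default rule only the two /api/ URIs are exempted; the unanchored variant also exempts /admin/api/keys/new, a browser-facing form route that should keep its CSRF token check.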