ajax 在ajax提交上禁用symfony 2 csrf令牌保护
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9887451/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Disable symfony 2 csrf token protection on ajax submit
提问by Julien Rollin
i'm building a mobile app talking to my symfony2 app via webservices I can't find a way to disable csrf protection on a specific controller/action
我正在构建一个移动应用程序,通过网络服务与我的 symfony2 应用程序通信我找不到在特定控制器/操作上禁用 csrf 保护的方法
i want to post registration data to this action and use sf2 form validation. I do not call the form in my mobile app
我想将注册数据发布到此操作并使用 sf2 表单验证。我不会在我的移动应用程序中调用表单
Can't change container parameters in action, throw an exception because it is a frozen parameter...
无法在操作中更改容器参数,抛出异常,因为它是一个冻结参数...
I do not want to disable form protection for whole my application
我不想为整个应用程序禁用表单保护
any clue ?
任何线索?
thanks !
谢谢 !
update: with symfony 2.1.x
更新:使用 symfony 2.1.x
/**
* {@inheritdoc}
*/
public function setDefaultOptions(OptionsResolverInterface $resolver)
{
$resolver->setDefaults(array(
'csrf_protection' => false,
));
}
回答by Inoryy
If you're looking for a bit easier and faster solution than suggested in answer above, here's how:
如果您正在寻找比上述答案中建议的更简单、更快捷的解决方案,方法如下:
<?php
// ...
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilder;
use Symfony\Component\OptionsResolver\OptionsResolver;
class MyType extends AbstractType
{
// ...
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults(array(
'csrf_protection' => false,
));
}
}
.. or if you're using older versions (Symfony 2.0.*):
.. 或者如果您使用的是旧版本(Symfony 2.0.*):
<?php
// ...
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilder;
class MyType extends AbstractType
{
// ....
public function getDefaultOptions(array $options)
{
$options = parent::getDefaultOptions($options);
$options['csrf_protection'] = false;
return $options;
}
}
Consult the Symfony documentationfor additional information.
有关其他信息,请参阅Symfony 文档。
Edit:updated answer to latest Symfony version, thanks naitsirch
编辑:最新 Symfony 版本的更新答案,感谢naitsirch
回答by Mick
Using the form factory
使用表单工厂
For those who want to create a simple form in a controller:
对于那些想要在控制器中创建简单表单的人:
$form = $this->container->get('form.factory')
->createNamedBuilder(null, 'form', null, array('csrf_protection' => false))
->add('yourField','text', array(
'label' => false,
'mapped' => false
))
->getForm();
回答by luchaninov
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults([
'csrf_protection' => false,
]);
}
回答by Nicodemuz
Using the form factory in Symfony 3
在 Symfony 3 中使用表单工厂
use Symfony\Component\Form\Extension\Core\Type\FormType;
$form = $this->container->get('form.factory')
->createNamedBuilder(null, FormType::class, null, array('csrf_protection' => false))
->add('yourField','text', array(
'label' => false,
'mapped' => false
))
->getForm();
Adapted from Mick's answer
改编自米克的回答
回答by Jovan Perovic
I can't be 100% sure but I think I read somewhere that you can pass csrf_provideroption while creating form.
我不能 100% 确定,但我想我在某个地方读到过,您可以csrf_provider在创建表单时传递选项。
All providers are subtypes of interface Symfony\Component\Form\Extension\Csrf\CsrfProviderand you should be able to create your own:
所有提供程序都是接口的子类型,Symfony\Component\Form\Extension\Csrf\CsrfProvider您应该能够创建自己的:
class MyNonCsrfProvider extends DefaultCsrfProvider{
public function isCsrfTokenValid($intention, $token)
{
return true;
}
}
and in controller:
并在控制器中:
$this->createForm(new CustomFormType(), array(
'csrf_provider' => new MyNonCsrfProvider()
));
I haven't tried this myself but this sounds like a possible solution...
我自己还没有尝试过,但这听起来像是一个可能的解决方案......
