37 lines
1.5 KiB
ReStructuredText
37 lines
1.5 KiB
ReStructuredText
|
Disabling CSRF Protection on a Form using the FormExtension
|
||
|
|
===========================================================
|
||
|
|
|
||
|
|
The *FormExtension* provides a service for building form in your application
|
||
|
|
with the Symfony Form component. When the :doc:`CSRF Service Provider
|
||
|
|
</providers/csrf>` is registered, the *FormExtension* uses the CSRF Protection
|
||
|
|
avoiding Cross-site request forgery, a method by which a malicious user
|
||
|
|
attempts to make your legitimate users unknowingly submit data that they don't
|
||
|
|
intend to submit.
|
||
|
|
|
||
|
|
You can find more details about CSRF Protection and CSRF token in the
|
||
|
|
`Symfony Book
|
||
|
|
<http://symfony.com/doc/current/book/forms.html#csrf-protection>`_.
|
||
|
|
|
||
|
|
In some cases (for example, when embedding a form in an html email) you might
|
||
|
|
want not to use this protection. The easiest way to avoid this is to
|
||
|
|
understand that it is possible to give specific options to your form builder
|
||
|
|
through the ``createBuilder()`` function.
|
||
|
|
|
||
|
|
Example
|
||
|
|
-------
|
||
|
|
|
||
|
|
.. code-block:: php
|
||
|
|
|
||
|
|
$form = $app['form.factory']->createBuilder('form', null, array('csrf_protection' => false));
|
||
|
|
|
||
|
|
That's it, your form could be submitted from everywhere without CSRF Protection.
|
||
|
|
|
||
|
|
Going further
|
||
|
|
-------------
|
||
|
|
|
||
|
|
This specific example showed how to change the ``csrf_protection`` in the
|
||
|
|
``$options`` parameter of the ``createBuilder()`` function. More of them could
|
||
|
|
be passed through this parameter, it is as simple as using the Symfony
|
||
|
|
``getDefaultOptions()`` method in your form classes. `See more here
|
||
|
|
<http://symfony.com/doc/current/book/forms.html#book-form-creating-form-classes>`_.
|