
CsrfApiUnprotectionBundle

by Dkplus

Disables CSRF token validation for all URLs that match a given expression.

CSRF API Unprotection Bundle


When developing stateless REST APIs you do not want CSRF token validation.
Fortunately, FOSRest provides the ability to disable it.

However, that solution does not work if you do not have a ROLE for all API users.

This Bundle disables the CSRF token validation based upon the URL of the request.
So if your API has a global prefix like /api/ you can disable the CSRF token validation for all your API forms.

Installation

Step 1: Download the Bundle

Installation of this Bundle uses Composer. It requires you to have Composer installed globally.
For Composer documentation, please refer to getcomposer.org.

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:

composer require dkplus/csrf-api-unprotection-bundle

Step 2: Enable the Bundle within your AppKernel

Then, enable the bundle by adding the following line in the app/AppKernel.php file of your project:

<?php
class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = array(
            // …

            new Dkplus\CsrfApiUnprotectionBundle\DkplusCsrfApiUnprotectionBundle,
        );

        // …
    }

    // …
}

That's everything you need :-)

Configuration

The default configuration disables the CSRF token validation for all URIs
that begin with /api/, regardless of which environment you are using.

dkplus_csrf_api_unprotection:
    rules:
        matches_uri:
            - "#^(/app(_[a-zA-Z]*)?.php)?/api/#"
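
To see exactly which requests a matches_uri rule exempts from CSRF validation, the following added example (not part of the bundle) runs the default pattern over a set of constructed URIs and flags rules that are not anchored at the start. It assumes PHP 7 or later and that each rule is evaluated with preg_match() against the request URI path; the function names exemptingRules and unanchoredRules are hypothetical.

```php
<?php
// Added example, not the bundle's code. Assumption: every matches_uri rule
// is applied with preg_match() to the path part of the request URI.

/** Return the rules that match $uri (empty array = CSRF validation stays on). */
function exemptingRules(array $rules, string $uri): array
{
    return array_values(array_filter($rules, function (string $rule) use ($uri): bool {
        $result = preg_match($rule, $uri);
        if ($result === false) {
            throw new InvalidArgumentException("Invalid rule pattern: $rule");
        }
        return $result === 1;
    }));
}

/** Simple heuristic: flag rules whose pattern does not begin with ^. */
function unanchoredRules(array $rules): array
{
    return array_values(array_filter($rules, function (string $rule): bool {
        // The pattern body starts right after the one-character delimiter.
        return substr($rule, 1, 1) !== '^';
    }));
}

$rules = ['#^(/app(_[a-zA-Z]*)?.php)?/api/#']; // default rule from this page

// Constructed sample URIs, replace with the routes of your own application.
$samples = [
    '/api/users',
    '/app_dev.php/api/users',
    '/app.php/api/users',
    '/api',
    '/apiv2/users',
    '/admin/api/users',
    '/login',
];

foreach ($samples as $uri) {
    $state = exemptingRules($rules, $uri) ? 'CSRF check DISABLED' : 'CSRF check enabled';
    printf("%-26s %s\n", $uri, $state);
}
foreach (unanchoredRules($rules) as $rule) {
    echo "WARNING: unanchored rule can match anywhere in the URI: $rule\n";
}
```

Every route reported as disabled should be one that authenticates statelessly, which is the use case this bundle targets.
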

The MIT License (MIT)

Copyright (c) 2015 Dkplus

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
