dkplus/csrf-api-unprotection-bundle

Disables the CSRF-token validation for all urls that matches a given expression.

CSRF API Unprotection Bundle

, _(*1)

When developing stateless REST-APIs you do not want to CSRF token validation. Fortunately FOSRest provides the ability to disable it., _(*2)

The solution does not work if you do not have a ROLE for all API users., _(*3)

This Bundle disables the CSRF token validation based upon the URL of the request. So if your API has a global prefix like /api/ you can disable the CSRF token validation for all your API forms., _(*4)

Installation

Step 1: Download the Bundle

Installation of this Bundle uses composer. It requires you to have Composer installed globally. For composer documentation, please refer to getcomposer.org., _(*5)

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:, _(*6)

composer require dkplus/csrf-api-unprotection-bundle

Step 2: Enable the Bundle within your AppKernel

Then, enable the bundle by adding the following line in the app/AppKernel.php file of your project:, _(*7)

<?php
class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = array(
            // …

            new Dkplus\CsrfApiUnprotectionBundle\DkplusCsrfApiUnprotectionBundle,
        );

        // …
    }

    // …
}

That's everything you need :-), _(*8)

Configuration

The default configuration disables the CSRF token validation for all uris that begins with /api/ regardless which environment you are using., _(*9)

dkplus_csrf_api_unprotection:
    rules:
        match_uri:
            - "#^(/app(_[a-zA-Z]*)?.php)?/api/#"