[英]handling the The CSRF token in symfony's forms when in public REST context
I'm developer my first symfony (3) app.我是我的第一个 symfony (3) 应用程序的开发者。 it is a REST service publicly accessible .
它是一种可公开访问的REST 服务。 I'm doing this using FOSRestBundle.
我正在使用 FOSRestBundle 执行此操作。 I'll have to ad some admin forms soon or later, and I'll probably want to create them directly (without passing by the extra work of consuming my own web services)
我迟早要添加一些管理表单,我可能想直接创建它们(不通过使用我自己的 Web 服务的额外工作)
I wonder how to handle the CSRF token in this case .我想知道在这种情况下如何处理 CSRF 令牌。 I see different solutions:
我看到不同的解决方案:
Which one of this (or other) solution seem the best to you, and how would you code it?这个(或其他)解决方案中的哪一个对您来说是最好的,您将如何对其进行编码?
I found a way, perhaps not the best one, but it works :我找到了一种方法,也许不是最好的方法,但它有效:
$_format = $request->attributes->get('_format');
if ('html' == $_format) {
$form = $this->createForm(ItopInstanceUserType::class, $itopInstanceUser);
} else {
$form = $this->createForm(ItopInstanceUserType::class, $itopInstanceUser, ['csrf_protection' => false]);
}
For me, forget CSRF token managed by yourself, check subjects like Oauth authentication.对我来说,忘记自己管理的 CSRF 令牌,检查 Oauth 身份验证等主题。
Take a look here: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md看看这里: https : //github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Resources/doc/index.md
FOSOAuthServerBundle works perfectly with FOSRestBundle. FOSOAuthServerBundle 与 FOSRestBundle 完美配合。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.