Symfony 2 CSFR protection and Backbone Application

StackOverflow https://stackoverflow.com/questions/13379837

Frage

I have a CRUD controller on Symfony 2. I want to make a backbone application wrapper for this controller. But in the logic of the application there is a question: "How to implement CSRF protection for the backbone forms application?"

I see a few ways:

  1. Request token before generating forms.
  2. Generate underscore templates incorporating the tokens.
  3. Disable protection in Symfony and invent your bike.

I will be glad for your help in choosing the right solution to the problem.

War es hilfreich?

Lösung

I'm sorry, I hurried to the question. Here is the solution
From myself I want to add the solution to Symfony server side:

$options=array();
if ($request->isXmlHttpRequest() )         
    $options['csrf_protection']= false;
$form = $this->createForm(new FormType(), $entity,$options);
Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top