README

When developing stateless REST-APIs you do not want to CSRF token validation. Fortunately FOSRest provides the ability to disable it.

The solution does not work if you do not have a ROLE for all API users.

This Bundle disables the CSRF token validation based upon the URL of the request. So if your API has a global prefix like /api/ you can disable the CSRF token validation for all your API forms.

Installation

Step 1: Download the Bundle

Installation of this Bundle uses composer. It requires you to have Composer installed globally. For composer documentation, please refer to getcomposer.org.

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:

composer require dkplus/csrf-api-unprotection-bundle

Step 2: Enable the Bundle within your AppKernel

Then, enable the bundle by adding the following line in the app/AppKernel.php file of your project:

<?php
class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = array(
            // …

            new Dkplus\CsrfApiUnprotectionBundle\DkplusCsrfApiUnprotectionBundle,
        );

        // …
    }

    // …
}

That's everything you need :-)

Configuration

The default configuration disables the CSRF token validation for all uris that begins with /api/ regardless which environment you are using.

dkplus_csrf_api_unprotection:
    rules:
        match_uri:
            - "#^(/app(_[a-zA-Z]*)?.php)?/api/#"