Symfony 2在使用没有类的表单时添加CSRF标记 [英] Symfony 2 Add CSRF Token when using a form without a class
问题描述
因此,我不是简单地针对类/实体等构建表单,所以我将手动添加CSRF标记或某种保护。
在正常情况下,您将创建FormType并配置默认选项以拥有csrf_protection。然后是一个简单的例子:
{{form_widget(form._token)}}
以及csrf标记就在那里。
当我动态构建表单I我不知道如何手动为我的表单创建一个csrf标记。有没有人有没有创建类没有类和添加csrf保护的经验?
亲切的问候
保罗Pounder
form_rest(表单)
或 form_end(表单)
以使用CSRF标记呈现隐藏的输入。我不认为这是一个不支持模型的表单。 Firstly I'm a complete noobie with Symfony 2. The question sounds simple, if I try and put some context into why and how I need this it will start to get confusing.
In essence I've created a form, which I manually process, validate and insert using Doctrine etc. I am manually creating the form within a controller action (it's built dynamically from retrieved values from another object). I'm assuming there maybe better ways to do this, but as I'm new to Symfony and days of trawling the net, I can't see any solutions to what I need to do.
Therefore I'm not simply building a form against a class/entity etc and so I will manually need to add a CSRF token or some kind of protection.
In normal circumstances you would create the FormType and configure default options to have csrf_protection. Then a simple case of:
{{ form_widget(form._token) }}
and the csrf token is there.
As I'm dynamically building the form I am not sure how I can manually create a csrf token for my form. Has anyone had any experience of creating forms without a class and adding csrf protection?
Kind regards Paul Pounder
In (my) normal circumstances you create a form and do not specifically configure CSRF - it happens automatically, and you use form_rest(form)
or form_end(form)
to render the hidden input with CSRF token. I do not believe that this is any different for a form not backed by a model.
这篇关于Symfony 2在使用没有类的表单时添加CSRF标记的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!