如何使用FOSUserBundle在Symfony 3上全局启用CSRF保护 [英] How can I turn of CSRF protection globally on Symfony 3 with FOSUserBundle

问题描述

我遇到了一个会话问题，结果为无法启动会话:已由PHP启动.".作为临时的解决方法，我不会在全球范围内禁用CSRF保护，包括FOSUserBundle.我该怎么办?

I am having a sessions issue that results "Failed to start the session: already started by PHP.". As a temporary workaround, I wan't to disable CSRF protection globally, including FOSUserBundle. How can I do this?

推荐答案

在文档:

framework:
    csrf_protection:
        enabled:   false

如果您还需要以登录形式禁用它，则只需转到security.yml文件并从form_login指令中删除csrf_provider，就不需要更新操作类或其他任何内容.

and if you need to disable it also in login form you just go to your security.yml file and remove the csrf_provider from the form_login directive, don't need to update the action class or anything.

这篇关于如何使用FOSUserBundle在Symfony 3上全局启用CSRF保护的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！