Symfony的CSRF和Ajax [英] Symfony CSRF and Ajax

问题描述

我想实现我的Symfony 2项目的一些Ajax功能。使用jQuery的$。员额我想一些数据发送回我的控制器。然而，当我刚POST数据没有CSRF保护很到位，因为symfony的CSRF保护似乎只适用于形式。

I am trying to implement some ajax functionality in my Symfony 2 project. Using jquery's $.post I want to send some data back to my controller. However, when I just POST the data no CSRF protection is in place, as symfony's csrf protection only seems to apply to forms.

什么是实现此一pretty的简单的方法？

What would be a pretty straightforward way to implement this?

在使用表单我只是做$形式 - > isValid（）的以找出是否CSRF令牌传递。我现在把我的一切要发布的形式，然后张贴的。这基本上意味着我只能用这种形式来实现CSRF保护，这似乎哈克。

When using forms I can just do $form->isValid() to find out whether or not the CSRF token passes. I am currently placing everything I want to POST in a form and then posting that. Which basically means I am only using that form to implement CSRF protection, which seems hacky.

推荐答案

在Symfony2中CSRF令牌是基于会话默认情况下。如果你想生成它，你只需要得到这个服务，并调用生成方法：

In Symfony2 CSRF token is based on session by default. If you want to generate it, you just have to get this service and call generation method:

$csrf = $this->get('form.csrf_provider'); //Symfony\Component\Form\Extension\Csrf\CsrfProvider\SessionCsrfProvider by default
$token = $csrf->generateCsrfToken($intention); //Intention should be empty string, if you did not define it in parameters

return new Response($token);

这个问题可能对您有用

这篇关于Symfony的CSRF和Ajax的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！