2

I'm trying to implement FOSRestBundle and Symfony forms. I have found this tutorial but I have problem with this part

private function processForm(PageInterface $page, array $parameters, $method = "PUT")
{
    $form = $this->formFactory->create(new PageType(), $page, array('method' => $method));
    $form->submit($parameters, 'PATCH' !== $method);
    if ($form->isValid()) { //form is not valid.
        $page = $form->getData();
        $this->om->persist($page);
        $this->om->flush($page);
        return $page;
    }
    throw new InvalidFormException('Invalid submitted data', $form);
}

ERROR: The CSRF token is invalid. Please try to resubmit the form.

Here is the controller from tutorial. And here is my class controller:

public function newAction(Request $request)
{

    $form = new EntryType();
    $newEntry = $this->container->get('entries.entry.handler')->post(
        $request->request->get($form->getName())
    );

    return View::create()
        ->setStatusCode(200)
        ->setFormat('json')
        ->setSerializationContext(SerializationContext::create()->setGroups(array('list')))
        ->setData($newEntry);
}

Should I skip checking isValid() or fix this somehow? How?

OK, It is clear now. CRF verification (csrf_protection) should be disabled

CSRF token is invalid when calling rest post api from php Client https://github.com/liuggio/symfony2-rest-api-the-best-2013-way/issues/1#issuecomment-31435232 CSRF validation needed or not when using RESTful API?

Community
  • 1
  • 1
breq
  • 24,412
  • 26
  • 65
  • 106

1 Answers1

4

From part 3 of the tutorial :

It's possible to disable the CSRF based on the user’s role.

# app/config/config.yml
fos_rest:
    disable_csrf_role: ROLE_API
    # you can also try
    # disable_csrf_role: IS_AUTHENTICATED_FULLY

See also this issue.

Mohamed Ramrami
  • 12,026
  • 4
  • 33
  • 49