I'm trying to implement FOSRestBundle and Symfony forms. I have found this tutorial but I have problem with this part
private function processForm(PageInterface $page, array $parameters, $method = "PUT")
{
$form = $this->formFactory->create(new PageType(), $page, array('method' => $method));
$form->submit($parameters, 'PATCH' !== $method);
if ($form->isValid()) { //form is not valid.
$page = $form->getData();
$this->om->persist($page);
$this->om->flush($page);
return $page;
}
throw new InvalidFormException('Invalid submitted data', $form);
}
ERROR: The CSRF token is invalid. Please try to resubmit the form.
Here is the controller from tutorial. And here is my class controller:
public function newAction(Request $request)
{
$form = new EntryType();
$newEntry = $this->container->get('entries.entry.handler')->post(
$request->request->get($form->getName())
);
return View::create()
->setStatusCode(200)
->setFormat('json')
->setSerializationContext(SerializationContext::create()->setGroups(array('list')))
->setData($newEntry);
}
Should I skip checking isValid() or fix this somehow? How?
OK, It is clear now. CRF verification (csrf_protection) should be disabled
CSRF token is invalid when calling rest post api from php Client https://github.com/liuggio/symfony2-rest-api-the-best-2013-way/issues/1#issuecomment-31435232 CSRF validation needed or not when using RESTful API?
From part 3 of the tutorial :
It's possible to disable the CSRF based on the user’s role.
# app/config/config.yml
fos_rest:
disable_csrf_role: ROLE_API
# you can also try
# disable_csrf_role: IS_AUTHENTICATED_FULLY
See also this issue.