symfonytwigcsrf
Symfony: make CSRF token available to all twig templates
My app has AJAX requests here and there, and I want to protect them with CSRF tokens. However, rather than generating and passing a CSRF token to the Twig renderer for use in the JavaScript, I'd like a CSRF token to be readily available in every html page that Twig renders.
I've seen that Laravel seems to put it in a meta tag, so I can easily grab it with JavaScript. But how to do this in Symfony? How can I insert this token in every page?
Or is this not good practice?
Solution
Of course this is a good practice!!
You have the built-in function csrf_token('key') in symfony/twig for that.
Example:
<a href="{{ path('product_remove', {id: product.id, csrf: csrf_token('product') }) }}"
class="btn btn-info">Remove</a>
From a controller, you just have to check it:
/**
* @Route("/product/remove/{csrf}/{id}", name="product_remove")
*/
public function removeProductAction($csrf, $id)
{
if ($csrf !== $this->get('security.csrf.token_manager')->getToken('product')->getValue()) {
throw new InvalidCsrfTokenException('Invalid CSRF token');
}
// delete $id
// cleans up url
return $this->redirectToRoute('product_list');
}
- Preserve symbolic links Encore with cleanupOutputBeforeBuild
- api platform - Unable to generate an IRI for the item
- How do I read from parameters.yml in a controller in symfony2?
- Symfony-ux-live-component No matching "form" property or mount() argument was found
- Symfony ignores / does not override values by .env.local file
- Doctrine migrations: how to retrieve value right after insert
- How do I read configuration settings from Symfony2 config.yml?
- Validate enum type with [#Assert\Choice]
- Symfony web test case JSON
- How do I get the object id of an entity during the postRemove event?
- Cross Join to DQL
- Foreign Key Constraints does not work with Doctrine/Symfony and SQLite
- How to make a search query for Max and Min in Symfony4?
- Use an external repository with symfony4 trouble with autoload and parameters
- Why after upgrading to Symfony 4.4 I no longer get the error preview pages?
- entity/model property reserved for the image file upload is newer being set by the form system (result is always null - no errors)
- Overriding Controller in Symfony 4.4 (Decorates) - "You have requested a non-existent service"
- How can I implement a dotrine entity event listener
- return a custom status code in User Checker
- Where is correct place to authenticate users from multiple places?
- Using LexikJWTAuthenticationBundle with an LDAP Provider
- Redirect to "/" route in symfony
- How to start local server with symfony 5 or downgrade version to 4.4?
- Custom voter does not work as expected after migrating from Symfony 3.4 to Symfony 4.4
- LANG variable isn't overriden in testing environment
- symfony - getting logged out at form->handleRequest
- How to get the value of a key from the .env file?
- Symfony 4.4 metadata_cache_driver configuration key deprecation notice
- Add TINYINT to Doctrine SQL types
- Connection could not be established with host "ssl://null:465": stream_socket_client(): php_network_getaddresses: getaddrinfo failed