I used the code below and it has csrf too. But how can I disable its csrf? I searched and Disable CSRF token on login form did not help, as there createFormBuilder()
is not used in my case below, so what should I do?
$csrfStorage = new NativeSessionTokenStorage(); $csrfGenerator = new UriSafeTokenGenerator(); $csrfManager = new CsrfTokenManager($csrfGenerator, $csrfStorage); $formFactory = Forms::createFormFactoryBuilder() ->addExtension(new CsrfExtension($csrfManager)) ->getFormFactory(); $defaultFormTheme = 'bootstrap_3_layout.html.twig'; $vendorDir = realpath(__DIR__.'/../vendor'); $appVariableReflection = new ReflectionClass('SymfonyBridgeTwigAppVariable'); $vendorTwigBridgeDir = dirname($appVariableReflection->getFileName()); $viewsDir = realpath('twig'); $twig = new Twig_Environment(new Twig_Loader_Filesystem(array( $viewsDir, $vendorTwigBridgeDir.'/Resources/views/Form', ))); $formEngine = new TwigRendererEngine(array($defaultFormTheme), $twig); $twig->addRuntimeLoader(new Twig_FactoryRuntimeLoader(array( TwigRenderer::class => function () use ($formEngine, $csrfManager) { return new TwigRenderer($formEngine, $csrfManager); }, ))); $twig->addExtension(new FormExtension()); $translator = new Translator('en'); $twig->addExtension(new TranslationExtension($translator)); $form = $formFactory->createBuilder() ->add('task', TextType::class) ->add('dueDate', DateType::class) ->getForm(); $request = Request::createFromGlobals(); $form->handleRequest(); if ($form->isSubmitted() && $form->isValid()) { $data = $form->getData(); print_r($data); } $twig->display('new.html.twig', array( 'form' => $form->createView(), ));
Advertisement
Answer
$form = $formFactory->createBuilder('SymfonyComponentFormExtensionCoreTypeFormType', null, array('csrf_protection' => false))