dkplus/csrf-api-unprotection-bundle
===================================

Disables CSRF token validation for all URLs that match a given expression.

v2.2.1 · MIT · PHP ^5.6|^7

[Source](https://github.com/Dkplus/CsrfApiUnprotectionBundle) · [Packagist](https://packagist.org/packages/dkplus/csrf-api-unprotection-bundle)

CSRF API Unprotection Bundle
============================


When developing stateless REST APIs you do not want CSRF token validation. Fortunately, FOSRest [provides the ability to disable it](http://symfony.com/doc/current/bundles/FOSRestBundle/2-the-view-layer.html#csrf-validation).

However, that solution does not work if you do not have a role that covers all API users.

This Bundle disables the CSRF token validation based upon the URL of the request. So if your API has a global prefix like `/api/` you can disable the CSRF token validation for all your API forms.
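The following is an added example, not code from this bundle. It illustrates why a URL-based exemption rule should be anchored and limited to requests that are actually stateless. It assumes the rule is a regular expression tested against the request path; the function name `csrfExempt`, the patterns and the sample requests are hypothetical.

```php
<?php
// Added example, not the bundle's code. Assumes the exemption rule is a regex
// tested against the request path; the bundle's real matching may differ.

/** Decide whether CSRF validation may be skipped for this request. */
function csrfExempt(string $pattern, string $requestUri, array $cookies, string $sessionCookie = 'PHPSESSID'): bool
{
    // Match the path only, so a query string such as ?next=/api/ cannot satisfy the rule.
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path) || preg_match($pattern, $path) !== 1) {
        return false;
    }
    // A request carrying the session cookie is not stateless: the browser attaches
    // that cookie automatically, so the token check has to stay on.
    return !isset($cookies[$sessionCookie]);
}

$loose  = '#/api/#';   // unanchored: matches /api/ anywhere in the path
$strict = '#^/api/#';  // anchored to the start of the path

// Constructed sample requests: [URI, cookies]
$samples = [
    ['/api/orders/17', []],
    ['/admin/api/users', []],
    ['/account/settings?next=/api/', []],
    ['/api/orders/17', ['PHPSESSID' => 'constructed-value']],
];

foreach ($samples as list($uri, $cookies)) {
    printf(
        "%-30s cookie=%-3s loose=%-5s strict=%s\n",
        $uri,
        $cookies ? 'yes' : 'no',
        var_export(csrfExempt($loose, $uri, $cookies), true),
        var_export(csrfExempt($strict, $uri, $cookies), true)
    );
}
```

The unanchored pattern also exempts `/admin/api/users`, a path outside the API prefix, while the anchored one does not; the request that carries a session cookie stays protected under both.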

Installation
============


Step 1: Download the Bundle
---------------------------


This bundle is installed with Composer, which must be installed globally. For Composer documentation, please refer to [getcomposer.org](http://getcomposer.org/).

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:

```
composer require dkplus/csrf-api-unprotection-bundle
```

Step 2: Enable the Bundle within your AppKernel
-----------------------------------------------


Then, enable the bundle by adding the following line in the `app/AppKernel.php` file of your project:

```
