fantoine/csrf-route-bundle
==========================

Symfony2 bundle which provides a simple way to add CSRF tokens to routes

1.0.4 (10y ago) · MIT · PHP >=5.4.0

**/!\\ This bundle is no longer supported and has moved to [Genedys/csrf-route-bundle](https://github.com/Genedys/csrf-route-bundle) /!\\**

FantoineCsrfRouteBundle
=======================

This [Symfony2](http://symfony.com) bundle provides a route annotation and route options to secure routes against [CSRF attacks](http://en.wikipedia.org/wiki/Cross-site_request_forgery) without using forms.

Installation
------------

Use [Composer](http://getcomposer.org) to install the bundle:

`composer require fantoine/csrf-route-bundle '~1.0@dev'`

or add the following line to your `composer.json` file:

```
    "require": {
        ...
        "fantoine/csrf-route-bundle": "~1.0@dev",
        ...
    }
```

Then, register the bundle in your application's kernel class:

```
    // app/AppKernel.php
    public function registerBundles()
    {
        $bundles = array(
            // ...
            new Fantoine\CsrfRouteBundle\FantoineCsrfRouteBundle(),
            // ...
        );

        return $bundles;
    }
```

Configuration
-------------

Configuration reference:

```
fantoine_csrf_route:
    enabled: true
    field_name: _token
```

- **enabled** : Enable or disable the token verification (default: `true`);
- **field\_name** : The name of the field appended to route URLs (default: `_token`).

Usage
-----

To use this package, add some configuration to the routes you want to protect.

The bundle adds a router which can append a token query parameter on route generation, and a controller listener which validates the token on called routes.

### Options configuration

The bundle checks controller calls and searches for a `csrf_token` route option. The available parameters for this option are:

- `token` : The token parameter name (by default `_token`)
- `intention` : The token intention. Different intentions generate different tokens (by default `null`, which results in the route name being used).
- `methods` : The HTTP method(s) for which the CSRF token is validated (by default `GET`).

```
# app/config/routing.yml
homepage:
    ...
    options:
        csrf_token:
            token: '_token'
            intention: null
            methods: [GET]
```

You can also simply set the `csrf_token` option to `true` to use the default parameters.

```
# app/config/routing.yml
homepage:
    ...
    options: { csrf_token: true }
```
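
The generate-then-validate flow described under Usage, as an added plain-PHP sketch that is not the bundle's code. It assumes PHP 7+; the function names, the per-session secret and the HMAC token construction are hypothetical, while the `token`, `intention` and `methods` parameters and their defaults are the ones documented above.

```php
<?php
// Added illustration only: function names and the HMAC construction are
// assumptions for this sketch, not the bundle's implementation.

// Token bound to a per-session secret and to the intention.
function routeToken($sessionSecret, $intention)
{
    return hash_hmac('sha256', $intention, $sessionSecret);
}

// A null intention falls back to the route name, as documented above.
function resolveIntention(array $csrf, $routeName)
{
    return $csrf['intention'] !== null ? $csrf['intention'] : $routeName;
}

// Router side: append the token as a query parameter on URL generation.
function generateUrl($path, array $params, $routeName, array $csrf, $sessionSecret)
{
    $params[$csrf['token']] = routeToken($sessionSecret, resolveIntention($csrf, $routeName));
    return $path . '?' . http_build_query($params);
}

// Listener side: validate only for the configured methods, in constant time.
function isRequestAllowed($method, array $query, $routeName, array $csrf, $sessionSecret)
{
    if (!in_array(strtoupper($method), $csrf['methods'], true)) {
        return true; // the token is not checked for this HTTP method
    }
    $given = isset($query[$csrf['token']]) ? $query[$csrf['token']] : '';
    $expected = routeToken($sessionSecret, resolveIntention($csrf, $routeName));
    // is_string() rejects array-valued parameters such as _token[]=x
    return is_string($given) && hash_equals($expected, $given);
}

// Constructed sample data: one session secret, one protected route.
$secret = bin2hex(random_bytes(32));
$csrf = array('token' => '_token', 'intention' => null, 'methods' => array('GET'));

$url = generateUrl('/post/delete', array('id' => 42), 'post_delete', $csrf, $secret);
parse_str(parse_url($url, PHP_URL_QUERY), $query);

var_dump(isRequestAllowed('GET', $query, 'post_delete', $csrf, $secret));            // generated URL
var_dump(isRequestAllowed('GET', array('id' => 42), 'post_delete', $csrf, $secret)); // token missing
var_dump(isRequestAllowed('GET', $query, 'user_delete', $csrf, $secret));            // token from another route
var_dump(isRequestAllowed('POST', array('id' => 42), 'post_delete', $csrf, $secret)); // method not listed
```

The last call shows that a method missing from `methods` is not validated at all, so every state-changing method a route accepts needs to be listed there.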

### Annotation configuration

If you use annotations to configure your routes, the easiest way is to add an additional annotation to the sensitive actions:

```
