

suin/symfony2-csrf-firewall-bundle
==================================

Cross site request forgery firewall bundle for Symfony2

Version 1.0.0 (13y ago), MIT License, PHP >=5.3.0


[Source](https://github.com/suin/symfony2-csrf-firewall-bundle) | [Packagist](https://packagist.org/packages/suin/symfony2-csrf-firewall-bundle)


Suin\CSRFFirewallBundle for Symfony2
=====================================


This is a firewall bundle that protects your Symfony2 websites from CSRF (cross-site request forgery) attacks. The bundle works almost automatically, so you don't need to add CSRF protection to each page individually.

Features
--------


- All POST-method forms are protected from CSRF (even if you don't use Symfony Form's anti-CSRF)

Requirements
------------


- PHP 5.3 or later

Installation
------------


Add `suin/symfony2-csrf-firewall-bundle` to your composer.json:

```
{
    "require": {
        "suin/symfony2-csrf-firewall-bundle":">=1.0.0"
    }
}
```

Execute composer to install:

```
$ php composer.phar update suin/symfony2-csrf-firewall-bundle
```

Add `Suin\CSRFFirewallBundle\SuinCSRFFirewallBundle` to your `app/AppKernel.php`:

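```
// app/AppKernel.php
use Symfony\Component\HttpKernel\Kernel;

class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = array(
            // ... your existing bundles ...
            new Suin\CSRFFirewallBundle\SuinCSRFFirewallBundle(),
        );

        // ... environment-specific bundles ...
        return $bundles;
    }

    // ... rest of the kernel unchanged ...
}
```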

How it works
------------


SuinCSRFFirewallBundle always checks the CSRF token on every POST request. If the token is missing or invalid, SuinCSRFFirewallBundle returns a 404 Bad Request response to the client and stops processing before the action is executed. (To be exact, this filter runs on the `kernel.controller` event.)

On the response (to be exact, on the `kernel.response` event), SuinCSRFFirewallBundle finds all POST-method forms in the response HTML and automatically embeds a CSRF token into each form.
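The two steps described above, sketched in framework-free PHP as an added example (this is not the bundle's own code). The field name `_csrf_token`, the function names `embedCsrfToken` and `isRequestAllowed`, and keeping the expected token in the session are assumptions made for illustration; the sample HTML is constructed.

```php
<?php
// Added illustration, not the bundle's code; all names here are hypothetical.
const TOKEN_FIELD = '_csrf_token'; // assumed hidden-field name

// Response side: append a hidden token field after every opening <form method="post"> tag.
function embedCsrfToken($html, $token)
{
    $field = sprintf(
        '<input type="hidden" name="%s" value="%s">',
        TOKEN_FIELD,
        htmlspecialchars($token, ENT_QUOTES, 'UTF-8')
    );
    // Forms without method="post" (GET is the default) are skipped, so the token never lands in a URL.
    $pattern = '/<form\b[^>]*\smethod\s*=\s*["\']?post\b["\']?[^>]*>/i';
    return preg_replace_callback($pattern, function ($m) use ($field) {
        return $m[0] . $field;
    }, $html);
}

// Request side: every POST must carry the expected token; other methods are not checked.
function isRequestAllowed($method, array $post, $sessionToken)
{
    if (strtoupper($method) !== 'POST') {
        return true;
    }
    $given = isset($post[TOKEN_FIELD]) ? $post[TOKEN_FIELD] : '';
    // hash_equals() compares in constant time (PHP 5.6+).
    return is_string($given) && $given !== '' && hash_equals($sessionToken, $given);
}

// Constructed sample data: one POST form and one GET form.
$token = bin2hex(random_bytes(16)); // random_bytes() needs PHP 7+
$html = '<form method="POST" action="/a"><input name="x"></form>'
      . '<form method="get" action="/search"><input name="q"></form>';
$out = embedCsrfToken($html, $token);

var_dump(substr_count($out, TOKEN_FIELD));                                  // fields embedded
var_dump(isRequestAllowed('POST', array(TOKEN_FIELD => $token), $token));   // valid token
var_dump(isRequestAllowed('POST', array(), $token));                        // missing token
var_dump(isRequestAllowed('POST', array(TOKEN_FIELD => 'forged'), $token)); // wrong token
var_dump(isRequestAllowed('GET', array(), $token));                         // not a POST
```

Because the embedding step only rewrites forms present in the response HTML, a POST that does not originate from such a form (for example, one sent from JavaScript) receives no token this way and has to obtain one by other means.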

Options
-------


### How to disable CSRF check at a specific action


Adding the `@CSRF(check=false)` annotation to a specific action method disables the CSRF check for that action.

```
