Disable csrf protection in Symfony

Disable LOCAL csrf protection

In order to disable CSRF for just *this* form, inside the form configure() method add following code


Disable GLOBAL csrf protection

It might also happen that you want to quickly disable CSRF protection for all forms you have, you can do this using static method disableCSRFProtection() on sfForm.



Symfony Coding Standards Tips


  • Never use short tags (<?);
  • Don’t end class files with the usual ?> closing tag;
  • Indentation is done by steps of four spaces (tabs are never allowed);
  • Use the linefeed character (0x0A) to end lines;
  • Add a single space after each comma delimiter;
  • Don’t put spaces after an opening parenthesis and before a closing one;
  • Add a single space around operators (==, &&, …);
  • Add a single space before the opening parenthesis of a control keyword (if, else, for, while, …);
  • Add a blank line before return statements, unless the return is alone inside a statement-group (like an if statement);
  • Don’t add trailing spaces at the end of lines;
  • Use braces to indicate control structure body regardless of the number of statements it contains;
  • Put braces on their own line for classes, methods, and functions declaration;
  • Separate the conditional statements (if, else, …) and the opening brace with a single space and no blank line;
  • Declare visibility explicitly for class, methods, and properties (usage of var is prohibited);
  • Use lowercase PHP native typed constants: false, true, and null. The same goes for array();
  • Use uppercase strings for constants with words separated with underscores;
  • Define one class per file;
  • Declare class properties before methods;
  • Declare public methods first, then protected ones and finally private ones.

Continue reading