authenticationsymfonycsrffosuserbundlesymfony2

Disable CSRF token on login form


I am using Symfony2.0 and FOSUserBundle, and would like to disable the csrf token on my login form.

I have disabled the csrf protection globally on my website in my config.yml:

framework:
    csrf_protection:
        enabled:        false

This is working well, there is no csrf field added to my forms. However, this does not apply to the login form. On this form only, I get an "Invalid CSRF Token" error if I don't include the token in the form with:

<input type="hidden" name="_csrf_token" value="{{ csrf_token }}" />

How can I disable the CSRF token on the login form?


Solution

  • If you just go to your security.yml file and remove the csrf_provider from the form_login directive, don't need to update the action class or anything.