authentication symfony csrf fosuserbundle symfony2

Disable CSRF token on login form

I am using Symfony2.0 and FOSUserBundle, and would like to disable the csrf token on my login form.

I have disabled the csrf protection globally on my website in my config.yml:

framework:
    csrf_protection:
        enabled:        false

This is working well, there is no csrf field added to my forms. However, this does not apply to the login form. On this form only, I get an "Invalid CSRF Token" error if I don't include the token in the form with:

<input type="hidden" name="_csrf_token" value="{{ csrf_token }}" />

How can I disable the CSRF token on the login form?

Solution

If you just go to your security.yml file and remove the csrf_provider from the form_login directive, don't need to update the action class or anything.

How to authenticate Google APIs (Google Drive API) from Google Compute Engine and locally without downloading Service Account credentials?
Access GitLab repo with project access token
How to ensure receiving an SMS verification code from Telegram using Telethon?
How Do I Use KeyCloak in Flutter
How to login with AWS CLI using credentials profiles
How do I use the usethis package when I have already developed an R package on GitHub?
How to update github token on linux?
Add custom JwtBearerHandler to "AddMicrosoftIdentityWebApi" in .net7
How to make a simple authentication in Google Forms using Google apps script?
How handle refresh token and access token for auth system
How to connect snowsql from PC (Windows 10)
I am trying to create a stored procedure to check passwords of logins
Restful API call using IOS with authentication
Get serverAuthCode using Credential Manager
Why can't Google Drive be mounted anymore and shows a browser popup instead of a link for authorization?
How to store httpOnly cookie after redirect from custom SSO?
Where to store the refresh token on the Client?
Tiktok client key
JWT Token returns NULL .NET API Login
Update Next.js to React 18 breaks my API calls using next-auth
What is the maximum length of a SID in SDDL format
Can I use wildcards in the web.config location path attribute?
Minimal API or AccountController for Login with ASP.NET Core Identity?
Next.js with Clerk Auth - how to detect if a user just signed up?
Is it okay to check user claims in AuthorizationHandler only if a route parameter requires users to be authorized?
Conflicting Basic & Bearer Authorization between nginx and my webapp
How does cookie-based authentication work?
How to redirect to same page after login in opencart 3.0.2.0?
Why does Django use is_staff and is_superuser instead of making those a permission?
How can i prevent from Login component render when Firebase Authentication hasn't yet determined