在 FOSUserBundle 中通过 post 方法注册新用户时禁用 CSRF

Posted 2023-02-16

【中文标题】在 FOSUserBundle 中通过 post 方法注册新用户时禁用 CSRF

【英文标题】：Disable CSRF when registering by a post method a new user in FOSUserBundle

【发布时间】：2020-10-11 06:24:15

【问题描述】：

我希望将 post rest 方法和 FOSUserBundle 结合到我的 symfony 3 应用程序以注册新用户，所以问题是当我使用发布新用户时出现此错误 Bad Request with "The CSRF token is invalid. Please try to resubmit the form

here is the page that appears when i use to post a new user

这是注册方法：

class DefaultController extends BaseController


 /**
 * @Route("/register", name="registermethod")
 */
public function registerAction(Request $request)


    $usermane = $request->query->get('username');
    $password = $request->query->get('password');
    $email = $request->query->get('email');
    /** @var $formFactory FactoryInterface */
    $formFactory = $this->get('fos_user.registration.form.factory');
    /** @var $userManager UserManagerInterface */
    $userManager = $this->get('fos_user.user_manager');
    /** @var $dispatcher EventDispatcherInterface */
    $dispatcher = $this->get('event_dispatcher');

    $user = $userManager->createUser();
    $user->setEnabled(true);

    $event = new GetResponseUserEvent($user, $request);
    $dispatcher->dispatch(FOSUserEvents::REGISTRATION_INITIALIZE, $event);

    if (null !== $event->getResponse()) 
        return $event->getResponse();
    
    $form = $formFactory->createForm();
    $user->setUsername($usermane);
    $user->setPlainPassword($password);
    $user->setEmail($email);
    $form->setData($user);

    $form->handleRequest($request);

    $form->submit($request->request->all());

    if ($form->isSubmitted()) 
        if ($user->getUsername() != null) 

            $event = new FormEvent($form, $request);
            $dispatcher->dispatch(FOSUserEvents::REGISTRATION_SUCCESS, $event);

            $userManager->updateUser($user);

            /*****************************************************
             * Add new functionality (e.g. log the registration) *
             *****************************************************/
            $this->container->get('logger')->info(
                sprintf("New user registration: %s", $user)
            );

            if (null === $response = $event->getResponse()) 
                $url = $this->generateUrl('fos_user_registration_confirmed');
                $response = new RedirectResponse($url);
            

            $dispatcher->dispatch(FOSUserEvents::REGISTRATION_COMPLETED, new FilterUserResponseEvent($user, $request, $response));

            return $response;
        

        $event = new FormEvent($form, $request);
        $dispatcher->dispatch(FOSUserEvents::REGISTRATION_FAILURE, $event);

        if (null !== $response = $event->getResponse()) 
            return $response;
        
    

    return $this->render('@FOSUser/Registration/register.html.twig', array(
        'form' => $form->createView(),
    ));

我习惯在我的 Angular 应用程序中发布这个方法，所以链接是这样的http://localhost:8000/showing1?username=azaz&email=asc@gmail.com&password=123456789

提前谢谢你。

【参考方案1】：

我不确定这是否可取，但你可以做的是。

$form = $formFactory->createForm(['csrf_protection' => false]);

【讨论】：

你好 julien 谢谢你的回复，但是这显示了这个错误Address in mailbox given [] does not comply with RFC 2822, 3.6.2.

好吧，如果你在它失败之前dump($form->getData();die; 你会得到什么？此外，您是否有理由手动执行所有这些操作？