Comments (3)
dunglas
commented on May 19, 2024
Hi,
Thanks for your feedback.
I've not tested it but - as it uses events -, enabling CSRF protection through AngularCsrfBundle for the login_check route and disabling the native login form CSRF protection (remove the csrf_provider directive from security.yml should do the trick.
If it works, can you give us a feedback?
Thanks you.
from dunglasangularcsrfbundle.
nschurmann
commented on May 19, 2024
Thanks for the quick response @dunglas and yes!, it works flawless. Your bundle is awesome!
Also the login path brings it's own csrf token and it doesn't interfere. So technically you can still have an html form for login and also an API login with csrf protection. Thanks!
Perhaps you may add this use case to the documentation?
from dunglasangularcsrfbundle.
dunglas
commented on May 19, 2024
You're welcome.
from dunglasangularcsrfbundle.
Related Issues (20)
- Missing LICENSE File HOT 1
- Missing HOT 4
- CSRF cookie expired as soon as it gets created
- The csrf token is rendered when displaying the form
- 1.0.0 Has a Bug with Cookie Expiration Time HOT 2
- Config for security.yml HOT 2
- Provide HttpOnly option HOT 1
- Form CSRF Token Disiabling No Longer Works in Symfony 3.2 HOT 1
- Symfony fails to load if CsrfTokenManager is not loaded HOT 1
- Support for Symfony 4 HOT 1
- Header Information appears in Body
- Can it work with legacy Application? HOT 1
- Problem with storing cookie in the browser HOT 1
- Config option to refresh token on every request
- Please make dunglas_angular_csrf.token_manager service public HOT 3
- 403 error when token expires, but the session is still valid
- Is this still needed for api-platform? HOT 1
- RegEX on Domain or Multiple Domain Configuration
- SameSite cookie configuration
- Allow Symfony 5 HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dunglasangularcsrfbundle.