merged branch guillaumepotier/master (PR #290)

Commits ------- 96b0db50 [docs] fixed typo 142143af [docs] fixed typos 32c96a4c [docs] added cookbook recipe on how to disable CSRF Protection using FormExtension Discussion ---------- [docs] added cookbook recipe on how to disable CSRF Protection using FormExtension Followed @igorw advice here: https://twitter.com/#!/igorwesome/status/183237649811783682 It also could be awesome to add the FormExtension doc (PR #77) ;)

merged branch guillaumepotier/master (PR #290)
Commits ------- 96b0db50 [docs] fixed typo 142143af [docs] fixed typos 32c96a4c [docs] added cookbook recipe on how to disable CSRF Protection using FormExtension Discussion ---------- [docs] added cookbook recipe on how to disable CSRF Protection using FormExtension Followed @igorw advice here: https://twitter.com/#!/igorwesome/status/183237649811783682 It also could be awesome to add the FormExtension doc (PR #77) ;)
5eac61f3 · Fabien Potencier · b8eb2d1a · 96b0db50 · 5eac61f3 · 5eac61f3
Commit 5eac61f3 authored Mar 26, 2012 by Fabien Potencier
Hide whitespace changes
Inline Side-by-side

Showing with 37 additions and 0 deletions

doc/cookbook/form_no_csrf.rst doc/cookbook/form_no_csrf.rst +34 -0

doc/cookbook/index.rst doc/cookbook/index.rst +3 -0

No files found.
--- a/doc/cookbook/form_no_csrf.rst
+++ b/doc/cookbook/form_no_csrf.rst
+Disable CSRF Protection on a form using the FormExtension
+=========================================================
+
+The *FormExtension* provides a service for building form in your application
+with the Symfony2 Form component. By default, the *FormExtension* uses the
+CSRF Protection avoiding Cross-site request forgery, a method by which a
+malicious user attempts to make your legitimate users unknowingly submit
+data that they don't intend to submit.
+
+You can find more details about CSRF Protection and CSRF token in the `Symfony2 Book:
+<http://symfony.com/doc/current/book/forms.html#csrf-protection>`
+
+In some cases (for example, when embedding a form in an html email) you might want
+not to use this protection. The easiest way to avoid this is to understand that it
+is possible to give specific options to your form builder through the `createBuilder()` function.
+
+Example
+-------
+
+::
+
+    $form = $app['form.factory']->createBuilder('form', null, array('csrf_protection' => false));
+
+That's it, your form could be submited from everywhere without CSRF Protection.
+
+
+Going further..
+---------------
+
+This specific example showed how to change the `csrf_protection` in the `$options`
+parameter of the `createBuilder()` function. More of them could be passed through
+this parameter, it is as simple as using the Symfony2 `getDefaultOptions()` method
+in your form classes. `See more here 
+<http://symfony.com/doc/current/book/forms.html#book-form-creating-form-classes>`
--- a/doc/cookbook/index.rst
+++ b/doc/cookbook/index.rst
@@ -10,6 +10,7 @@ The cookbook section contains recipes for solving specific problems.
    json_request_body
    translating_validation_messages
    session_storage
+    form_no_csrf

 Recipes
 -------
@@ -21,3 +22,5 @@ Recipes
 * :doc:`Translating Validation Messages<translating_validation_messages>`.

 * :doc:`How to use PdoSessionStorage to store sessions in the database <session_storage>`.
+
+* :doc:`How to disable the CSRF Protection on a form using the FormExtension <form_no_csrf>`.
\ No newline at end of file