flintci/jquery-ujs-bundle

Symfony bundle adapter for jQuery-ujs and CSRF protection

jQuery UJS bundle

Symfony bundle adapter for jQuery-ujs and CSRF protection., _(*1)

, _(*2)

, _(*3)

, _(*4)

Installation

Install the bundle with composer:, _(*5)

``` bash composer require flintci/jquery-ujs-bundle, <sub>(*6)</sub>

## Configuration

Enable the bundle. It is already done if you use Symfony Flex.

``` php
// config/bundles.php

return [
    FlintCI\jQueryUJSBundle\FlintCIjQueryUJSBundle::class => ['all' => true],
];

Add the metas.html.twig template file on the <head> part:, <sub>(*7)</sub>

{# base.html.twig #}

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        {% include '@FlintCIjQueryUJS/metas.html.twig' %}
    </head>
    {# ... #}
</html>

Finally, install jquery-ujs with Yarn or NPM and include the rails.js file., <sub>(*8)</sub>

Example on a app.js file using WebPack:, <sub>(*9)</sub>

import 'jquery-ujs';

Then, you are good to go!, <sub>(*10)</sub>

Usage

Start using jquery-ujs by writing this special link:, <sub>(*11)</sub>

<a href="{{ path('account_delete') }}" data-method="delete" data-confirm="Are you sure?">

Then you can manually verify the CSRF validity on the controller:, <sub>(*12)</sub>

namespace App\Controller;

use FlintCI\jQueryUJSBundle\Security\Csrf\UjsCsrfManager;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;

/**
 * @Route("/account")
 */
final class AccountController extends Controller
{
    /**
     * @Route("/")
     * @Method("DELETE")
     */
    public function deleteAction(UjsCsrfManager $ujsCsrfManager): Response
    {
        if (!$ujsCsrfManager->isTokenValid()) {
            throw new BadRequestHttpException('Invalid token.');
        }

        // ...
    }
}

Or directly with the annotation:, <sub>(*13)</sub>

namespace App\Controller;

use FlintCI\jQueryUJSBundle\Annotations\UjsCsrf;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Response;

/**
 * @Route("/account")
 */
final class AccountController extends Controller
{
    /**
     * @Route("/")
     * @Method("DELETE")
     * @UjsCsrf
     */
    public function deleteAction(): Response
    {
        // Nothing to check here. A bad request excpetion will be thrown if the token is invalid.
    }
}