Symfony: secure delete link with CSRFProtection

I have a delete link to delete a Comment object by ID /comment/:id/delete

In order to secure this link I add a csrf token to the link

$CSRFTokenForm = new BaseForm();
$link = url_for(..., array('_csrf_token' => $CSRFTokenForm->getCSRFToken()));

and in the executeDelete i use the checkCSRFProtection() method, and it all works fine.

The only thing is that each comment is displayed by a partial, and each partial creates it's own BaseForm() in order to create the token, which is waste of time since they're all the same..

Do you have a better idea on how to make it more efficie开发者_Python百科nt, like maybe a static getCSRFToken() method or creating a global BaseForm()?

Use SF's method => delete. It creates the CSRF token for you:

<?php 
    echo link_to('comment/' . $comment->getId() . '/delete', 
             array(
                 'method'  => 'delete', 
                 'confirm' => 'Do you really want to delete the comment??', 
                 'title'   => 'Delete'
             )
         ); 
?>

Yes it's a jQuery Plugin error. If you are using sfJqueryReloadedPlugin - 1.4.3 you need to change the source code of the file jQueryHelper in the plugin's directory and put "BaseForm" instead of "sfForm" in the "csrf => 1" sectuo

With the jQuery Plugin try:

jq_link_to_remote('comment/' . $comment->getId() . '/delete', array('csrf' => 1))

Found it in the sourcecode and they do it with a BaseForm instance, too.