The following is written on the page of FOSRestBundle:
"CSRF validation
When building a single application that should handle forms both via HTML forms as well as via a REST API, one runs into a problem with CSRF token validation. In most cases it is necessary to enable them for HTML forms, but it makes no sense to use them for a REST API. For this reason there is a form extension to disable CSRF validation for users with a specific role. This of course requires that REST API users authenticate themselves and get a special role assigned."
Is this explanation correct? Could you explain why it's correct?
Thank you!
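The mechanism the quoted paragraph describes, shown as an added illustration rather than FOSRestBundle's own code: a Symfony form type extension that leaves `csrf_protection` at its default (enabled) for everyone except an authenticated user who has been granted a configured role. The class name `ApiCsrfDisablingExtension` and the role `ROLE_API` are assumptions for the example; the Symfony interfaces and options used are real.

```php
<?php
// Added example (not FOSRestBundle's code): a form type extension that
// switches CSRF validation off only for users holding an API role.
// Assumed names: ApiCsrfDisablingExtension and the role ROLE_API.

namespace App\Form\Extension;

use Symfony\Component\Form\AbstractTypeExtension;
use Symfony\Component\Form\Extension\Core\Type\FormType;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

final class ApiCsrfDisablingExtension extends AbstractTypeExtension
{
    public function __construct(
        private readonly TokenStorageInterface $tokenStorage,
        private readonly AuthorizationCheckerInterface $authorizationChecker,
        private readonly string $role = 'ROLE_API', // assumed role name
    ) {
    }

    public function configureOptions(OptionsResolver $resolver): void
    {
        // No security token at all (e.g. an anonymous HTML visitor):
        // keep Symfony's default, csrf_protection => true.
        if (null === $this->tokenStorage->getToken()) {
            return;
        }

        // Only a user who authenticated and was granted the API role loses
        // the CSRF check; every other form keeps it.
        if (!$this->authorizationChecker->isGranted($this->role)) {
            return;
        }

        $resolver->setDefaults(['csrf_protection' => false]);
    }

    public static function getExtendedTypes(): iterable
    {
        // Every Symfony form type ultimately extends FormType, so this
        // extension applies to all forms, HTML and API alike.
        return [FormType::class];
    }
}
```

With autowiring and autoconfiguration Symfony registers the class under the `form.type_extension` tag automatically; FOSRestBundle's own built-in version is switched on through its `disable_csrf_role` configuration option. The design only holds up if users with that role authenticate with a credential the browser does not attach on its own (an `Authorization` header token, for instance). If a session-cookie-authenticated user were also granted `ROLE_API`, every form that user submits would run without CSRF validation, which is exactly the attack the tokens exist to stop.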