An unobtrusive JavaScript bundle for Symfony 2. Allows for using non-GET routes with simple links.
- Symfony
- jQuery
Install just like any other Symfony bundle. See the section below on security for further instructions.
After installing, you will need to run app/console assets:install
or add
@UjsBundle/Resources/public/js/ujs.js
if you are using Assetic.
For any link that you would like to submit with an HTTP method other than GET,
just include a data-method
attribute, like so:
<a href="/posts/15" data-method="DELETE">Delete this post</a>
You may optionally include a data-confirm
attribute, which will be used as
the text in the JavaScript confirm dialog.
<a href="/posts/15" data-method="DELETE" data-confirm="Are you sure you
want to delete this post?">Delete this post</a>
If you set the data-confirm
attribute to false
, no confirmation message
will be presented. Be careful with this, though, since browsers that do link
prefetching may follow the link and perform destructive actions.
Important!! If you do not implement these steps, your app will be vulnerable to cross-site scripting attacks!
First, you will need to include an HTML <meta>
tag on any page that yo would
like to use UJS. For example, add the following to your <head>
section:
<meta name="_ujs_csrf_token" content="{{ csrf_token('ujs') }}" />
<meta name="_ujs_csrf_token_name" content="_ujs_csrf_token" />
Any controller action that you would like to submit with UJS should check the CSRF token to make sure it is valid, like so:
public function deleteAction(Request $request)
{
if ($request->request->has('_ujs_csrf_token') && $this->get('form.csrf_provider')->isCsrfTokenValid('ujs', $request->request->get('_ujs_csrf_token'))) {
// Do your deleting, posting, etc.
}
}