Chapters
39 Chapters
|
4:45:13
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!Compatible PHP versions: ^7.1.3, <8.0
Subscribe to download the code!Compatible PHP versions: ^7.1.3, <8.0
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
08.
SameSite Cookies & CSRF Attacks
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
This tutorial works great for Symfony 5 and API Platform 2.5/2.6.
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": "^7.1.3, <8.0",
"ext-ctype": "*",
"ext-iconv": "*",
"api-platform/core": "^2.1", // v2.4.5
"composer/package-versions-deprecated": "^1.11", // 1.11.99
"doctrine/annotations": "^1.0", // 1.13.2
"doctrine/doctrine-bundle": "^1.6", // 1.11.2
"doctrine/doctrine-migrations-bundle": "^2.0", // v2.0.0
"doctrine/orm": "^2.4.5", // v2.7.2
"nelmio/cors-bundle": "^1.5", // 1.5.6
"nesbot/carbon": "^2.17", // 2.21.3
"phpdocumentor/reflection-docblock": "^3.0 || ^4.0", // 4.3.1
"symfony/asset": "4.3.*", // v4.3.2
"symfony/console": "4.3.*", // v4.3.2
"symfony/dotenv": "4.3.*", // v4.3.2
"symfony/expression-language": "4.3.*", // v4.3.2
"symfony/flex": "^1.1", // v1.21.6
"symfony/framework-bundle": "4.3.*", // v4.3.2
"symfony/http-client": "4.3.*", // v4.3.3
"symfony/monolog-bundle": "^3.4", // v3.4.0
"symfony/security-bundle": "4.3.*", // v4.3.2
"symfony/twig-bundle": "4.3.*", // v4.3.2
"symfony/validator": "4.3.*", // v4.3.2
"symfony/webpack-encore-bundle": "^1.6", // v1.6.2
"symfony/yaml": "4.3.*" // v4.3.2
},
"require-dev": {
"hautelook/alice-bundle": "^2.5", // 2.7.3
"symfony/browser-kit": "4.3.*", // v4.3.3
"symfony/css-selector": "4.3.*", // v4.3.3
"symfony/maker-bundle": "^1.11", // v1.12.0
"symfony/phpunit-bridge": "^4.3", // v4.3.3
"symfony/stopwatch": "4.3.*", // v4.3.2
"symfony/web-profiler-bundle": "4.3.*" // v4.3.2
}
}
4 Comments
hi I am involved in a covid project and I have to build an api, I followed this tutorial and you make everything very easy to understand, there is another lab that needs to use our api in a medical HIPAA environment, what do you recommend for security, I checked for tutorials on JWT but not sure yet, do you recommend json_login as you implement here for my situation or should I go with JWT route. Please let me know. thank you so much again for symfonycasts
Hey @sherif807!
Oh boy, covid & hippa - that's a big deal :). I might recommend using OAuth2 specifically with the "client credentials" grant type, which is built for this. Part of the reason I'm choosing this is that OAuth2 (while it can be complex and is often overkill) is a well-known standard, and since you are building something for a sensitive environment, there is value in using something standard. I would try implementing it with this bundle https://github.com/trikoder... - you could actually disable all the other grant types.
The important thing to understand with this is that ultimately, the other application will be able to use their credentials to fetch a temporary access token from your API. And then it can use that on future requests. I would probably not use JWT, just for added security because JWT's cannot (natively) be "revoked" - they are valid until they expire. In the unlikely event something crazy happens, if you have a database of access tokens (not JWT), then you could quickly revoke all of them and instantly deny access.
Let me know what you think and what doubts you might have!
Cheers and keep up the good work!
This theory is really good to have, however it would be good to understand what CORS is as I've heard that term a bit but don't really understand it. Maybe it's in a later tutorial...
Hey Cameron,
We explain CORS a bit in this screencast: https://symfonycasts.com/sc... - let us know if it was helpful for you.
Cheers!
"Houston: no signs of life"
Start the conversation!