It, happens, sometimes out-of-box, strange solution is required. I needed (for some reason can’t remember why) to disable CSRF protection on one of my symfony forms. The solution to the problem is quite easy and you can embed it directly in the Form configure() method.
Disable LOCAL csrf protection
In order to disable CSRF for just *this* form, inside the form configure() method add following code
$this->disableLocalCSRFProtection();
Disable GLOBAL csrf protection
It might also happen that you want to quickly disable CSRF protection for all forms you have, you can do this using static method disableCSRFProtection() on sfForm.
sfForm::disableCSRFProtection()
