The default CSRF prevention in Symfony is form-based (which happens automatically if you use the provided form builder). However, for AJAX requests it is tedious to manually attach the CSRF token to each HTTP request and then check it manually for each request.
A good approach would be to embed the token as an HTTP header, as suggested in the comments of this question. jQuery can then be configured to include this header on each request as described here.
My question is how best to handle this within Symfony? I can include the CSRF token in each page using Twig, but how do I check incoming requests to ensure that each request contains a valid token in the header?
I'm aware of how to access the HTTP headers using $request->headers->get('X-CSRF-Token')
from within a controller, but that still means having to perform this check within each controller individually. Whereabouts should I add this check so that it is caught as early as possible?