Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 91b5e2e

Browse filesBrowse files
Aaron Valandraxabbuh
Aaron Valandra
authored and
xabbuh
committed
Updated documentation as requested by @stof and @xabbuh 
1 parent 0044aa2 commit 91b5e2e
Copy full SHA for 91b5e2e

File tree

Expand file treeCollapse file tree

1 file changed

+6
-12
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+6
-12
lines changed

‎cookbook/security/csrf_in_login_form.rst

Copy file name to clipboardExpand all lines: cookbook/security/csrf_in_login_form.rst
+6-12Lines changed: 6 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -13,10 +13,6 @@ for CSRF. In this article you'll learn how you can use it in your login form.
1313
Login CSRF attacks are a bit less well-known. See `Forging Login Requests`_
1414
if you're curious about more details.
1515

16-
.. note::
17-
18-
Since SF 2.8 ``intention`` has been depreciated, and removed in SF 3.0. It is now labeled as ``csrf_token_id``. ``csrf_provider`` was changed in SF 3.0 to ``csrf_token_generator``.
19-
2016
Configuring CSRF Protection
2117
---------------------------
2218

@@ -37,8 +33,6 @@ provider available in the Security component:
3733
# ...
3834
form_login:
3935
# ...
40-
# Use csrf_provider in SF <2.8
41-
# csrf_provider: security.csrf.token_manager
4236
csrf_token_generator: security.csrf.token_manager
4337
4438
.. code-block:: xml
@@ -72,8 +66,6 @@ provider available in the Security component:
7266
// ...
7367
'form_login' => array(
7468
// ...
75-
// Use csrf_provider in SF <2.8
76-
// 'csrf_provider' => 'security.csrf.token_manager',
7769
'csrf_token_generator' => 'security.csrf.token_manager',
7870
),
7971
),
@@ -130,7 +122,7 @@ After this, you have protected your login form against CSRF attacks.
130122
.. tip::
131123

132124
You can change the name of the field by setting ``csrf_parameter`` and change
133-
the token ID by setting ``csrf_token_id`` ~~``intention``~~ in your configuration:
125+
the token ID by setting ``csrf_token_id`` in your configuration:
134126

135127
.. configuration-block::
136128

@@ -146,7 +138,6 @@ After this, you have protected your login form against CSRF attacks.
146138
form_login:
147139
# ...
148140
csrf_parameter: _csrf_security_token
149-
# intention: a_private_string
150141
csrf_token_id: a_private_string
151142
152143
.. code-block:: xml
@@ -165,7 +156,6 @@ After this, you have protected your login form against CSRF attacks.
165156
<firewall name="secured_area">
166157
<!-- ... -->
167158
<form-login csrf-parameter="_csrf_security_token"
168-
<!-- intention="a_private_string" -->
169159
csrf_token_id="a_private_string"
170160
/>
171161
</firewall>
@@ -185,11 +175,15 @@ After this, you have protected your login form against CSRF attacks.
185175
// ...
186176
'csrf_parameter' => '_csrf_security_token',
187177
'csrf_token_id' => 'a_private_string'
188-
// 'intention' => 'a_private_string',
189178
),
190179
),
191180
),
192181
));
193182
183+
versionadded:: 2.8
184+
The ``intention`` and ``csrf_token_generator`` options were introduced
185+
in Symfony 2.8. Prior, you had to use the ``csrf_token_id`` and ``csrf_provider``
186+
options.
187+
194188
.. _`Cross-site request forgery`: https://en.wikipedia.org/wiki/Cross-site_request_forgery
195189
.. _`Forging Login Requests`: https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.