Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit a0952bf

Browse filesBrowse files
weaverryanweaverryan
committed
[#4732] Tweaking language, clarifying purpose of disabling form and that you can disable CSRF on 1 form
1 parent 0783879 commit a0952bf
Copy full SHA for a0952bf

File tree

Expand file treeCollapse file tree

2 files changed

+13
-5
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+13
-5
lines changed

‎book/forms.rst

Copy file name to clipboardExpand all lines: book/forms.rst
+2Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1776,6 +1776,8 @@ The CSRF token can be customized on a form-by-form basis. For example::
17761776
// ...
17771777
}
17781778

1779+
.. _form-disable-csrf:
1780+
17791781
To disable CSRF protection, set the ``csrf_protection`` option to false.
17801782
Customizations can also be made globally in your project. For more information,
17811783
see the :ref:`form configuration reference <reference-framework-form>`

‎reference/configuration/framework.rst

Copy file name to clipboardExpand all lines: reference/configuration/framework.rst
+11-5Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -227,8 +227,11 @@ enabled
227227

228228
Whether or not to enable support for the Form component.
229229

230-
You will also have to disable form support if you want to
231-
:ref:`disable the validation support <validation-enabled>`.
230+
If you don't use forms, setting this to ``false`` may increase your application's
231+
performance because less services will be loaded into the container.
232+
233+
If this is activated, the :ref:`validation system <validation-enabled>`
234+
is also enabled automatically.
232235

233236
csrf_protection
234237
~~~~~~~~~~~~~~~
@@ -241,9 +244,12 @@ enabled
241244
**type**: ``boolean`` **default**: ``true`` if form support is enabled, ``false``
242245
otherwise
243246

244-
This option can be used to disable CSRF protection of forms. You need to
245-
disable CSRF protection to be able to disable session. For example, this
246-
is useful when you only use forms in an API-only website.
247+
This option can be used to disable CSRF protection on *all* forms. But you
248+
can also :ref:`disable CSRF protection on individual forms <form-disable-csrf>`.
249+
250+
If you're using forms, but want to avoid starting your session (e.g. using
251+
forms in an API-only website), ``csrf_protection`` will need to be set to
252+
``false``.
247253

248254
field_name
249255
..........

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.