Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit a1d7e49

Browse filesBrowse files
javiereguiluzjaviereguiluz
committed
minor #20811 [Security] Add methods param doc for isCsrfTokenValid attribute (Oviglo)
This PR was squashed before being merged into the 7.3 branch. Discussion ---------- [Security] Add methods param doc for isCsrfTokenValid attribute Add new params for isCsrfTokenValid attribute PR: symfony/symfony#60007 Issue: #20810 Commits ------- 6d7c87f [Security] Add methods param doc for isCsrfTokenValid attribute
2 parents 104552b + 6d7c87f commit a1d7e49
Copy full SHA for a1d7e49

File tree

Expand file treeCollapse file tree

1 file changed

+9
-0
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+9
-0
lines changed

‎security/csrf.rst

Copy file name to clipboardExpand all lines: security/csrf.rst
+9Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -288,6 +288,15 @@ object evaluated to the id::
288288
// ... do something, like deleting an object
289289
}
290290

291+
You can use the ``methods`` parameter to the attribute to specify the HTTP methods that are allowed for
292+
the token validation, :class:`Symfony\\Component\\Security\\Http\\Attribute\\IsCsrfTokenValid` is ignored for other methods. By default, the attribute allows all methods::
293+
294+
#[IsCsrfTokenValid('delete-item', tokenKey: 'token', methods: ['DELETE'])]
295+
public function delete(Post $post): Response
296+
{
297+
// ... delete the object
298+
}
299+
291300
.. versionadded:: 7.1
292301

293302
The :class:`Symfony\\Component\\Security\\Http\\Attribute\\IsCsrfTokenValid`

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.