Hi@Oviglo,

I believe the best approach would be to separate the logic into two distinct methods: one forGET and another forDELETE.
This would not only solve your issue but also improve the clarity and maintainability of your code.

Hi@Oviglo,

I believe the best approach would be to separate the logic into two distinct methods: one forGET and another forDELETE. This would not only solve your issue but also improve the clarity and maintainability of your code.

Yes, but it will make my controller heavier. Another solution is to create an empty form for using native csrf validation.

Is it an official recommendation to use only one method per action ?

I’m not sure what you mean by "heavier" in this context.

There is no official recommendation to use only one method per action, it is more about the single-responsibility principle.

Here’s an example that should work as expected:

#[Route('/delete/{id}', name:'get', methods: ['GET'], requirements: ['id' => Requirement::UUID])]publicfunctionget(User$user):Response{return$this->render('/admin/user/delete.html.twig', ['entity' =>$user]);}#[Route('/delete/{id}', name:'delete', methods: ['DELETE'], requirements: ['id' => Requirement::UUID])]#[IsCsrfTokenValid(newExpression('"delete" ~ args["user"].getId()'))]publicfunctiondelete(User$user,UserManager$userManager):Response{$userManager->remove($user);return$this->redirectToRoute('admin_user_index');}

So, better close?

If you don’t find any utility, yes 😥

Merci à vous.

Instead of a list of methods, what about checking if it is a non-safe method?

Yes you are right, a csrf token is only used for POST PUT DELETE and PATCH is’nt ?

CSRF tokens can also be used for GET requests, eg for logout links (that's a common practice, even if not recommended).

Thank you@Oviglo.