Commit2ecb02e

committed

Merge branch '7.2' into 7.3

* 7.2: Minor tweaks [Security] iscsrftokenvalid-attribute-controller-usage

2 parents91c2882 +83b3092 commit2ecb02eCopy full SHA for 2ecb02e

File tree

+14

-0

lines changed

+14

-0

lines changed

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -281,6 +281,20 @@ Suppose you want a CSRF token per item, so in the template you have something li`
`281`	`281`	`<button type="submit">Delete item</button>`
`282`	`282`	`</form>`
`283`	`283`
	`284`	`+This attribute can also be applied to a controller class. When used this way,`
	`285`	`+the CSRF token validation will be applied to all actions defined in that`
	`286`	`+controller::`
	`287`	`+`
	`288`	`+ use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;`
	`289`	`+ use Symfony\Component\Security\Http\Attribute\IsCsrfTokenValid;`
	`290`	`+ // ...`
	`291`	`+`
	`292`	`+ #[IsCsrfTokenValid('the token ID')]`
	`293`	`+ final class SomeController extends AbstractController`
	`294`	`+ {`
	`295`	`+ // ...`
	`296`	`+ }`
	`297`	`+`
`284`	`298`	The:class:`Symfony\\Component\\Security\\Http\\Attribute\\IsCsrfTokenValid`
`285`	`299`	attribute also accepts an:class:`Symfony\\Component\\ExpressionLanguage\\Expression`
`286`	`300`	`object evaluated to the id::`

Comments

(0)