Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit3d1e8a7

Browse files
committed
Merge branch '2.7' into 2.8
* 2.7: revert form login CSRF changes on wrong branch
2 parents53726dd +f1c30e4 commit3d1e8a7

File tree

2 files changed

+9
-9
lines changed

2 files changed

+9
-9
lines changed

‎cookbook/security/csrf_in_login_form.rst

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ provider available in the Security component:
3333
# ...
3434
form_login:
3535
# ...
36-
csrf_token_generator:security.csrf.token_manager
36+
csrf_provider:security.csrf.token_manager
3737
3838
..code-block::xml
3939
@@ -50,7 +50,7 @@ provider available in the Security component:
5050
5151
<firewallname="secured_area">
5252
<!-- ...-->
53-
<form-logincsrf-token-generator="security.csrf.token_manager" />
53+
<form-logincsrf-provider="security.csrf.token_manager" />
5454
</firewall>
5555
</config>
5656
</srv:container>
@@ -66,7 +66,7 @@ provider available in the Security component:
6666
// ...
6767
'form_login' => array(
6868
// ...
69-
'csrf_token_generator' => 'security.csrf.token_manager',
69+
'csrf_provider' => 'security.csrf.token_manager',
7070
),
7171
),
7272
),
@@ -124,7 +124,7 @@ After this, you have protected your login form against CSRF attacks.
124124
..tip::
125125

126126
You can change the name of the field by setting ``csrf_parameter`` and change
127-
the token ID by setting ``csrf_token_id`` in your configuration:
127+
the token ID by setting ``intention`` in your configuration:
128128

129129
..configuration-block::
130130

@@ -140,7 +140,7 @@ After this, you have protected your login form against CSRF attacks.
140140
form_login:
141141
# ...
142142
csrf_parameter:_csrf_security_token
143-
csrf_token_id:a_private_string
143+
intention:a_private_string
144144
145145
..code-block::xml
146146
@@ -158,7 +158,7 @@ After this, you have protected your login form against CSRF attacks.
158158
<firewallname="secured_area">
159159
<!-- ...-->
160160
<form-logincsrf-parameter="_csrf_security_token"
161-
csrf-token-id="a_private_string"
161+
intention="a_private_string"
162162
/>
163163
</firewall>
164164
</config>
@@ -176,7 +176,7 @@ After this, you have protected your login form against CSRF attacks.
176176
'form_login' => array(
177177
// ...
178178
'csrf_parameter' => '_csrf_security_token',
179-
'csrf_token_id' => 'a_private_string'
179+
'intention' => 'a_private_string'
180180
),
181181
),
182182
),

‎reference/configuration/security.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -162,8 +162,8 @@ Each part will be explained in the next section.
162162
163163
# csrf token options
164164
csrf_parameter:_csrf_token
165-
csrf_token_id:authenticate
166-
csrf_token_generator:my.csrf_token_generator.id
165+
intention:authenticate
166+
csrf_provider:my.csrf_token_generator.id
167167
168168
# by default, the login form *must* be a POST, not a GET
169169
post_only:true

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp