Commit76c0473

committed

[Security] iscsrftokenvalid-attribute-controller-usage

1 parentb36bab2 commit76c0473Copy full SHA for 76c0473

File tree

+14

-0

lines changed

+14

-0

lines changed

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -273,6 +273,20 @@ Suppose you want a CSRF token per item, so in the template you have something li`
`273`	`273`	`<button type="submit">Delete item</button>`
`274`	`274`	`</form>`
`275`	`275`
	`276`	+In addition:class:`Symfony\\Component\\Security\\Http\\Attribute\\IsCsrfTokenValid`
	`277`	`+attribute can be applied to a controller class.`
	`278`	`+This will cause the CSRF token validation to be executed for all routes defined within the controller::`
	`279`	`+`
	`280`	`+ use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;`
	`281`	`+ use Symfony\Component\Security\Http\Attribute\IsCsrfTokenValid;`
	`282`	`+ // ...`
	`283`	`+`
	`284`	`+ #[IsCsrfTokenValid('controller')]`
	`285`	`+ final class FooController extends AbstractController`
	`286`	`+ {`
	`287`	`+ // ...`
	`288`	`+ }`
	`289`	`+`
`276`	`290`	The:class:`Symfony\\Component\\Security\\Http\\Attribute\\IsCsrfTokenValid`
`277`	`291`	attribute also accepts an:class:`Symfony\\Component\\ExpressionLanguage\\Expression`
`278`	`292`	`object evaluated to the id::`

Comments

(0)