You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: security/csrf.rst
+8-2Lines changed: 8 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -288,8 +288,10 @@ object evaluated to the id::
288
288
// ... do something, like deleting an object
289
289
}
290
290
291
-
You can use the ``methods`` parameter to the attribute to specify the HTTP methods that are allowed for
292
-
the token validation,:class:`Symfony\\Component\\Security\\Http\\Attribute\\IsCsrfTokenValid` is ignored for other methods. By default, the attribute allows all methods::
291
+
By default, the ``IsCsrfTokenValid`` attribute performs the CSRF token check for
292
+
all HTTP methods. You can restrict this validation to specific methods using the
293
+
``methods`` parameter. If the request uses a method not listed in the ``methods``
294
+
array, the attribute is ignored for that request, and no CSRF validation occurs::