Commite1dd12e

committed

Merge branch '7.2' into 7.3

* 7.2: Minor tweak [Security] Stateless CSRF is enabled by default in 7.2

2 parentsa0a6b3f +7d13bac commite1dd12eCopy full SHA for e1dd12e

File tree

-3

lines changed

-3

lines changed

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -348,9 +348,10 @@ Stateless CSRF Tokens`
`348`	`348`
`349`	`349`	`Stateless anti-CSRF protection was introduced in Symfony 7.2.`
`350`	`350`
`351`		`-By default CSRF tokens are stateful, which means they're stored in the session.`
`352`		-But some token ids can be declared as stateless using the ``stateless_token_ids``
`353`		`-option:`
	`351`	`+Traditionally, CSRF tokens are stateful, meaning they're stored in the session.`
	`352`	`+However, some token IDs can be declared as stateless using the`
	`353`	+``stateless_token_ids`` option. Stateless CSRF tokens are enabled by default
	`354`	+in applications using:ref:`Symfony Flex<symfony-flex>`.
`354`	`355`
`355`	`356`	`..configuration-block::`
`356`	`357`

Comments

(0)