Commitecb5e62

committed

Simplified the docs about caching pages with CSRF forms

1 parenta425cc3 commitecb5e62Copy full SHA for ecb5e62

File tree

6 files changed

+20

-57

lines changed

_build
- redirection_map
forms.rst
http_cache
- form_csrf_caching.rst
- varnish.rst
performance.rst
security
- csrf.rst

6 files changed

+20

-57

lines changed

`‎_build/redirection_map‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -401,3 +401,4 @@`
`401`	`401`	`/weblink /web_link`
`402`	`402`	`/components/weblink /components/web_link`
`403`	`403`	`/frontend/encore/installation-no-flex /frontend/encore/installation`
	`404`	`+/http_cache/form_csrf_caching /security/csrf`

`‎forms.rst‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -714,7 +714,7 @@ Learn more`
`714`	`714`	`/form/*`
`715`	`715`	`/controller/upload_file`
`716`	`716`	`/reference/forms/types`
`717`		`-/http_cache/form_csrf_caching`
	`717`	`+/security/csrf`
`718`	`718`
`719`	`719`	.. _`Symfony Form component`:https://github.com/symfony/form
`720`	`720`	.. _`DateTime`:https://php.net/manual/en/class.datetime.php

`‎http_cache/form_csrf_caching.rst‎`

Lines changed: 0 additions & 43 deletions

This file was deleted.

`‎http_cache/varnish.rst‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ at least for some parts of the site, e.g. when using forms with`
`65`	`65`	:doc:`CSRF Protection</security/csrf>`. In this situation, make sure to
`66`	`66`	:doc:`only start a session when actually needed</session/avoid_session_start>`
`67`	`67`	`and clear the session when it is no longer needed. Alternatively, you can look`
`68`		-into:doc:`/http_cache/form_csrf_caching`.
	`68`	+into:doc:`/security/csrf`.
`69`	`69`
`70`	`70`	`Cookies created in JavaScript and used only in the frontend, e.g. when using`
`71`	`71`	`Google Analytics, are nonetheless sent to the server. These cookies are not`

`‎performance.rst‎`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,6 @@ Learn more`
`138`	`138`	`----------`
`139`	`139`
`140`	`140`	*:doc:`/http_cache/varnish`
`141`		-*:doc:`/http_cache/form_csrf_caching`
`142`	`141`
`143`	`142`	.. _`byte code caches`:https://en.wikipedia.org/wiki/List_of_PHP_accelerators
`144`	`143`	.. _`OPcache`:https://php.net/manual/en/book.opcache.php

`‎security/csrf.rst‎`

Lines changed: 17 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,22 @@ for more information):`
`55`	`55`	`'csrf_protection' => null,`
`56`	`56`	`));`
`57`	`57`
	`58`	`+The tokens used for CSRF protection are meant to be different for every user and`
	`59`	`+they are stored in the session. That's why a session is started automatically as`
	`60`	`+soon as you render a form with CSRF protection.`
	`61`	`+`
	`62`	`+.. _caching-pages-that-contain-csrf-protected-forms:`
	`63`	`+`
	`64`	`+Moreover, this means that you cannot fully cache pages that include CSRF`
	`65`	`+protected forms. As an alternative, you can:`
	`66`	`+`
	`67`	+* Embed the form inside an uncached:doc:`ESI fragment</http_cache/esi>` and
	`68`	`+ cache the rest of the page contents;`
	`69`	`+* Cache the entire page and load the form via an uncached AJAX request;`
	`70`	+* Cache the entire page and use:doc:`hinclude.js</templating/hinclude>` to
	`71`	`+ load just the CSRF token with an uncached AJAX request and replace the form`
	`72`	`+ field value with it.`
	`73`	`+`
`58`	`74`	`CSRF Protection in Symfony Forms`
`59`	`75`	`--------------------------------`
`60`	`76`
`@@ -92,17 +108,6 @@ this can be customized on a form-by-form basis::`
`92`	`108`	`// ...`
`93`	`109`	`}`
`94`	`110`
`95`		`-..caution::`
`96`		`-`
`97`		`- Since the token is stored in the session, a session is started automatically`
`98`		`- as soon as you render a form with CSRF protection.`
`99`		`-`
`100`		`-..caution::`
`101`		`-`
`102`		`- CSRF tokens are meant to be different for every user. Beware of that when`
`103`		`- caching pages that include forms containing CSRF tokens. For more`
`104`		- information, see:doc:`/http_cache/form_csrf_caching`.
`105`		`-`
`106`	`111`	`CSRF Protection in Login Forms`
`107`	`112`	`------------------------------`
`108`	`113`
`@@ -113,6 +118,7 @@ CSRF Protection in HTML Forms`
`113`	`118`	`-----------------------------`
`114`	`119`
`115`	`120`	`..versionadded::4.1`
	`121`	`+`
`116`	`122`	`In Symfony versions prior to 4.1, CSRF support required installing the`
`117`	`123`	`Symfony Form component even if you didn't use it.`
`118`	`124`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitecb5e62

File tree

6 files changed

6 files changed

`‎_build/redirection_map‎`

`‎forms.rst‎`

`‎http_cache/form_csrf_caching.rst‎`

`‎http_cache/varnish.rst‎`

`‎performance.rst‎`

`‎security/csrf.rst‎`

0 commit comments