Commitf97b8d5

authored and

committed

[Security] iscsrftokenvalid-attribute-controller-usage

1 parente12256c commitf97b8d5Copy full SHA for f97b8d5

File tree

+14

-0

lines changed

+14

-0

lines changed

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -281,6 +281,20 @@ Suppose you want a CSRF token per item, so in the template you have something li`
`281`	`281`	`<button type="submit">Delete item</button>`
`282`	`282`	`</form>`
`283`	`283`
	`284`	+In addition:class:`Symfony\\Component\\Security\\Http\\Attribute\\IsCsrfTokenValid`
	`285`	`+attribute can be applied to a controller class.`
	`286`	`+This will cause the CSRF token validation to be executed for all routes defined within the controller::`
	`287`	`+`
	`288`	`+ use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;`
	`289`	`+ use Symfony\Component\Security\Http\Attribute\IsCsrfTokenValid;`
	`290`	`+ // ...`
	`291`	`+`
	`292`	`+ #[IsCsrfTokenValid('controller')]`
	`293`	`+ final class FooController extends AbstractController`
	`294`	`+ {`
	`295`	`+ // ...`
	`296`	`+ }`
	`297`	`+`
`284`	`298`	The:class:`Symfony\\Component\\Security\\Http\\Attribute\\IsCsrfTokenValid`
`285`	`299`	attribute also accepts an:class:`Symfony\\Component\\ExpressionLanguage\\Expression`
`286`	`300`	`object evaluated to the id::`

Comments

(0)