Commit fb4f19e

Minor rewords in the CSRF docs

1 parent a425cc3 commit fb4f19e

2 files changed: +18 -10 lines changed


‎reference/twig_reference.rst‎

Lines changed: 5 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -277,6 +277,8 @@ form_rest
277277
Renders all fields that have not yet been rendered, more information in
278278
:ref:`the Twig Form reference<reference-forms-twig-rest>`.
279279

280+
.. _reference-twig-function-csrf-token:
281+
280282
csrf_token
281283
~~~~~~~~~~
282284

@@ -285,10 +287,10 @@ csrf_token
285287
{{ csrf_token(intention) }}
286288
287289
``intention``
288-
**type**: ``string``
290+
**type**: ``string`` - an arbitrary string used to generate the token value.
289291

290-
Renders a CSRF token. Use this function if you want CSRF protectionwithout
291-
creating a form.
292+
Renders a CSRF token. Use this function if you want:doc:`CSRF protection</security/csrf>`
293+
in aregular HTMLform not managed by the Symfony Form component.
292294

293295
is_granted
294296
~~~~~~~~~~
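
Review bot: the reworded sentence at 292+/293+ narrows the stated use of the function from "CSRF protection without creating a form" to "a regular HTML form not managed by the Symfony Form component", so any use outside an HTML form that the old wording covered is no longer mentioned. If that narrowing is not intended, present the HTML form as an example rather than the only case, e.g. "for example in a regular HTML form not managed by the Symfony Form component".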

‎security/csrf.rst‎

Lines changed: 13 additions & 7 deletions
Original file line number | Diff line number | Diff line change
@@ -109,22 +109,28 @@ CSRF Protection in Login Forms
109109
See:doc:`/security/form_login_setup` for a login form that is protected from
110110
CSRF attacks.
111111

112-
CSRF Protection in HTML Forms
113-
-----------------------------
112+
.. _csrf-protection-in-html-forms:
113+
114+
Generating and Checking CSRF Tokens Manually
115+
--------------------------------------------
114116

115117
..versionadded::4.1
118+
116119
In Symfony versions prior to 4.1, CSRF support required installing the
117120
Symfony Form component even if you didn't use it.
118121

119-
It's also possible to add CSRF protection to regular HTML forms not managed by
120-
the Symfony Form component, for example the simple forms used to delete items.
121-
First, use the ``csrf_token()`` function in the Twig template to generate a CSRF
122-
token and store it as a hidden field of the form:
122+
Although Symfony Forms provide automatic CSRF protection by default, you may
123+
need to generate and check CSRF tokens manually for example when using regular
124+
HTML forms not managed by the Symfony Form component.
125+
126+
Consider a simple HTML form created to allow deleting items. First, use the
127+
:ref:`csrf_token() Twig function<reference-twig-function-csrf-token>` to
128+
generate a CSRF token in the template and store it as a hidden form field:
123129

124130
..code-block::twig
125131
126132
<form action="{{ url('admin_post_delete', { id: post.id }) }}" method="post">
127-
{# the argument of csrf_token() is an arbitraryvalue used to generate the token #}
133+
{# the argument of csrf_token() is an arbitrarystring used to generate the token #}
128134
<input type="hidden" name="token" value="{{ csrf_token('delete-item') }}" />
129135
130136
<button type="submit">Delete item</button>
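
Review bot: the Twig comment at 133+ still describes the argument of csrf_token() only as an "arbitrary string used to generate the token", which reads as if the value stops mattering once the token is rendered. Since the section is now titled "Generating and Checking CSRF Tokens Manually", say in that comment or in the paragraph at 126+ to 128+ that the same string ('delete-item' here) has to be used again when the token is checked. Separately, 123+ is missing a comma: "manually, for example when using regular HTML forms".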
