Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork5.3k
Update security.rst related to stateless JS csrf#21293
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:7.3
Are you sure you want to change the base?
Conversation
| the ``data-controller`` part is related to the usage of | ||
| https://symfony.com/doc/current/security/csrf.html#generating-csrf-token-using-javascript | ||
| It can be removed if you use statefull session storage, not stateless. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I don't think it's useful to hint this can be removed. But it's always good to explain why the attribute is here:
| the ``data-controller`` part is related to the usage of | |
| https://symfony.com/doc/current/security/csrf.html#generating-csrf-token-using-javascript | |
| It can be removed if you use statefull session storage, not stateless. | |
| The ``data-controller`` attribute is needed for [internal link here, not absolute URL]. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
yes I agree, I can rework it if its accepted
my point was mostly to document why this data attribute is here in the doc (and also on console maker processes)
No description provided.