👍

@xabbuh please let me know if the example code is fine now.

@xabbuh is this PR finished?

@snoek09 Sorry for missing your last comment. I left a last minor comment. After that this looks good to be merged to me.

@xabbuh No problem. I updated the link.

👍

@xabbuh I think this is ready to be merged.

@weaverryan@wouterj@javiereguiluz Ready to go here? :)

I added some comments, but I like it! Short and simple.

To be clear, this is not an "old way" of checking CSRF, correct? It seems totally valid and current.

Thanks!

@weaverryan : No it isn't, because theform.csrf_provider service is deprecated since 2.4, as well as the wholeCsrfProviderInterface. We usesecurity.csrf.token_manager instead.

However, I wonder if thebook/controller.rst page is the right place for this ? In#4668,@wouterj suggested to create a new entry in the cookbook instead, and to me it actually makes much more sense to have this in a Controller or Security cookbook section.
I know PRs for 2.6+ are already merged (#5325), but what do you think ?

@ogizanagi is right. The example code has to work with 2.3 using the 'old way'.
I also agree that this documentation should be moved to the cookbook.

I think we can merge it just as it is and then work on converting this into a cookbook recipe afterwards. What do you think?

👍

I like that idea@xabbuh.

@weaverryan@wouterj@javiereguiluz Okay with merging and thinking about how to rework the whole part afterwards?

@xabbuh yes!

👍

Thank you Henry.