Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

document old way of checking validity of CSRF token#5818

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Closed
snoek09 wants to merge5 commits intosymfony:2.3fromsnoek09:document-old-way-checking-validity-csrf-token
Closed
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletionsbook/controller.rst
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -794,6 +794,24 @@ Just like when creating a controller for a route, the order of the arguments of
order of the arguments, Symfony will still pass the correct value to each
variable.

Checking the Validity of a CSRF Token
-------------------------------------

Sometimes you want to use CSRF protection in an action where you don't want to use a
Symfony form.

If, for example, you're doing a DELETE action, you can use the
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

DELETE in backticks?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I checked the docs for mentions of HTTP methods. In a sentence they are never in backticks.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

👍

:method:`Symfony\\Component\\Form\\Extension\\Csrf\\CsrfProvider\\CsrfProviderInterface::isCsrfTokenValid`
method to check the CSRF token::

$csrf = $this->container->get('form.csrf_provider');
$intention = 'authenticate';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Does it make sense to show this without showing a template? When you generate the CSRF token in the template, you would need to also includeauthenticate then, right?

$token = $csrf->generateCsrfToken($intention);

if (!$csrf->isCsrfTokenValid($intention, $token)) {
// CSRF token invalid! Do something, like redirect with an error.
}

Final Thoughts
--------------

Expand Down
[8]ページ先頭
©2009-2025 Movatter.jp