Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

csrf_token now can be used without installing the Form component#9488

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Closed
javiereguiluz wants to merge2 commits intosymfony:masterfromjaviereguiluz:fix_9485
Closed
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletionssecurity/csrf.rst
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -12,12 +12,11 @@ CSRF protection works by adding a hidden field to your form that contains a
value that only you and your user know. This ensures that the user - not some
other entity - is submitting the given data.

Before using the CSRF protection, install it in your project (which in turn
requires installing the Symfony Form component):
Before using the CSRF protection, install it in your project:

.. code-block:: terminal

$ composer require security-csrf form
$ composer require security-csrf
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Do we now need to show how to install forms for the section where we integrate CSRF tokens into a Symfony form? Or is it too obvious that you do of course need the Form component for them?

Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I agree with you that it would be too obvious to installform first because you are literally creating a Symfony Form in that section.


Then, enable/disable the CSRF protection with the ``csrf_protection`` option
(see the :ref:`CSRF configuration reference <reference-framework-csrf-protection>`
Expand DownExpand Up@@ -278,6 +277,10 @@ After this, you have protected your login form against CSRF attacks.
CSRF Protection in HTML Forms
-----------------------------

.. versionadded:: 4.1
In Symfony versions prior to 4.1, CSRF support required installing the
Symfony Form component even if you didn't use it.

It's also possible to add CSRF protection to regular HTML forms not managed by
the Symfony Form component, for example the simple forms used to delete items.
First, use the ``csrf_token()`` function in the Twig template to generate a CSRF
Expand Down
[8]ページ先頭
©2009-2025 Movatter.jp