8000 Updated csrf_in_login_form.rst to include csrf_token_id and csrf_toke… · symfony/symfony-docs@0044aa2 · GitHub
[go: up one dir, main page]
Skip to content
8000

Commit 0044aa2

Browse files
Raistlfirenxabbuh
Raistlfiren
authored and
xabbuh
committed
Updated csrf_in_login_form.rst to include csrf_token_id and csrf_token_generator
Updated CSRF documentation to rename intention and csrf_provider. They were renamed in SF 3.0 to csrf_token_id and csrf_token_generator.
1 parent 8815552 commit 0044aa2

File tree

1 file changed

+17
-6
lines changed

1 file changed

+17
-6
lines changed

cookbook/security/csrf_in_login_form.rst

Lines changed: 17 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,10 @@ for CSRF. In this article you'll learn how you can use it in your login form.
1313
Login CSRF attacks are a bit less well-known. See `Forging Login Requests`_
1414
if you're curious about more details.
1515

16+
.. note::
17+
18+
Since SF 2.8 ``intention`` has been depreciated, and removed in SF 3.0. It is now labeled as ``csrf_token_id``. ``csrf_provider`` was changed in SF 3.0 to ``csrf_token_generator``.
19+
1620
Configuring CSRF Protection
1721
---------------------------
1822

@@ -33,7 +37,9 @@ provider available in the Security component:
3337
# ...
3438
form_login:
3539
# ...
36-
csrf_provider: security.csrf.token_manager
40+
# Use csrf_provider in SF <2.8
41+
# csrf_provider: security.csrf.token_manager
42+
csrf_token_generator: security.csrf.token_manager
3743
3844
.. code-block:: xml
3945
@@ -66,7 +72,9 @@ provider available in the Security component:
6672
// ...
6773
'form_login' => array(
6874
// ...
69-
'csrf_provider' => 'security.csrf.token_manager',
75+
// Use csrf_provider in SF <2.8
76+
// 'csrf_provider' => 'security.csrf.token_manager',
77+
'csrf_token_generator' => 'security.csrf.token_manager',
7078
),
7179
),
7280
),
@@ -122,7 +130,7 @@ After this, you have protected your login form against CSRF attacks.
122130
.. tip::
123131

124132
You can change the name of the field by setting ``csrf_parameter`` and change
125-
the token ID by setting ``intention`` in your configuration:
133+
the token ID by setting ``csrf_token_id`` ~~``intention``~~ in your configuration:
126134

127135
.. configuration-block::
128136

@@ -138,7 +146,8 @@ After this, you have protected your login form against CSRF attacks.
138146
form_login:
139147
# ...
140148
csrf_parameter: _csrf_security_token
141-
intention: a_private_string
149+
# intention: a_private_string
150+
csrf_token_id: a_private_string
142151
143152
.. code-block:: xml
144153
@@ -156,7 +165,8 @@ After this, you have protected your login form against CSRF attacks.
156165
<firewall name="secured_area">
157166
<!-- ... -->
158167
<form-login csrf-parameter="_csrf_security_token"
159-
intention="a_private_string"
168+
<!-- intention="a_private_string" -->
169+
csrf_token_id="a_private_string"
160170
/>
161171
</firewall>
162172
</config>
@@ -174,7 +184,8 @@ After this, you have protected your login form against CSRF attacks.
174184
'form_login' => array(
175185
// ...
176186
'csrf_parameter' => '_csrf_security_token',
177-
'intention' => 'a_private_string',
187+
'csrf_token_id' => 'a_private_string'
188+
// 'intention' => 'a_private_string',
178189
),
179190
),
180191
),

0 commit comments

Comments
 (0)
0