8000 [Security] : Aligning CSRF `tokenId` with other code sample by ThomasLandauer · Pull Request #19808 · symfony/symfony-docs · GitHub
[go: up one dir, main page]
Skip to content

[Security] : Aligning CSRF tokenId with other code sample #19808

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: 5.4
Choose a base branch
from
Open

[Security] : Aligning CSRF tokenId with other code sample #19808

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d80b3c4
[Security]: Aligning CSRF `tokenId` with other code sample
ThomasLandauer Apr 20, 2024
12e045d
Update custom_authenticator.rst
ThomasLandauer Apr 20, 2024
92a8fe8
Update security.rst
ThomasLandauer Apr 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Update security.rst
  • Loading branch information
@ThomasLandauer
ThomasLandauer authored Apr 21, 2024
commit 92a8fe849e1af1c734998a2fe73450989e9eb6ef
6 changes: 3 additions & 3 deletions security.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -958,9 +958,9 @@ First, you need to enable CSRF on the form login:

.. _csrf-login-template:

Then, use the ``csrf_token()`` function in the Twig template to generate a CSRF
token and store it as a hidden field of the form. By default, the HTML field
is called ``_csrf_token`` and takes an arbitrary string as argument ``tokenId``:
Then, add a hidden field to the form. In order to work with the built-in ``FormLoginAuthenticator``,
the HTML field must be called ``_csrf_token``, and the argument of Twig's ``csrf_token()`` function
must be called ``authenticate``:

.. code-block:: html+twig

Expand Down
0