4668 document isCsrfTokenValid

symfony · weaverryan · Nov 5, 2015 · May 24, 2015 · May 28, 2015 · Jul 29, 2015
commit 11383f8ad5be5abed7fe006110a57a8b518809ca
diff --git a/book/controller.rst b/book/controller.rst
@@ -440,7 +440,7 @@ If you want to redirect the user to another page, use the ``redirectToRoute()``
     }
 
 .. versionadded:: 2.6
-    The ``redirectToRoute()`` method was added in Symfony 2.6. Previously (and still now), you
+    The ``redirectToRoute()`` method was introduced in Symfony 2.6. Previously (and still now), you
     could use ``redirect()`` and ``generateUrl()`` together for this (see the example above).
 
 Or, if you want to redirect externally, just use ``redirect()`` and pass it the URL::
@@ -803,6 +803,28 @@ Just like when creating a controller for a route, the order of the arguments of
 order of the arguments, Symfony will still pass the correct value to each
 variable.
 
+Validating a CSRF Token
+-----------------------
+
+Sometimes you want to use CSRF protection in an action where you don't want to use the
+Symfony Form component.
+
+If, for example, you're doing a DELETE action, you can use the
+:method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid`
+method to check the CSRF token::
+
+    if ($this->isCsrfTokenValid('token_id', $submittedToken)) {
+        // ... do something, like deleting an object
+    }
+
+.. versionadded:: 2.6
+    The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6.
+    It is equivalent to executing the following code::
+
+    use Symfony\Component\Security\Csrf\CsrfToken;
+
+    $this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('token_id', 'TOKEN'));
+
 Final Thoughts
 --------------