diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst index dc40fd8f5f8..4fabb4ecc50 100644 --- a/cookbook/security/csrf_in_login_form.rst +++ b/cookbook/security/csrf_in_login_form.rst @@ -13,10 +13,6 @@ for CSRF. In this article you'll learn how you can use it in your login form. Login CSRF attacks are a bit less well-known. See `Forging Login Requests`_ if you're curious about more details. -.. note:: - - Since SF 2.8 ``intention`` has been depreciated, and removed in SF 3.0. It is now labeled as ``csrf_token_id``. ``csrf_provider`` was changed in SF 3.0 to ``csrf_token_generator``. - Configuring CSRF Protection --------------------------- @@ -37,8 +33,6 @@ provider available in the Security component: # ... form_login: # ... - # Use csrf_provider in SF <2.8 - # csrf_provider: security.csrf.token_manager csrf_token_generator: security.csrf.token_manager .. code-block:: xml @@ -72,8 +66,6 @@ provider available in the Security component: // ... 'form_login' => array( // ... - // Use csrf_provider in SF <2.8 - // 'csrf_provider' => 'security.csrf.token_manager', 'csrf_token_generator' => 'security.csrf.token_manager', ), ), @@ -130,7 +122,7 @@ After this, you have protected your login form against CSRF attacks. .. tip:: You can change the name of the field by setting ``csrf_parameter`` and change - the token ID by setting ``csrf_token_id`` ~~``intention``~~ in your configuration: + the token ID by setting ``csrf_token_id`` in your configuration: .. configuration-block:: @@ -146,7 +138,6 @@ After this, you have protected your login form against CSRF attacks. form_login: # ... csrf_parameter: _csrf_security_token - # intention: a_private_string csrf_token_id: a_private_string .. code-block:: xml @@ -165,7 +156,6 @@ After this, you have protected your login form against CSRF attacks. csrf_token_id="a_private_string" /> @@ -185,11 +175,15 @@ After this, you have protected your login form against CSRF attacks. // ... 'csrf_parameter' => '_csrf_security_token', 'csrf_token_id' => 'a_private_string' - // 'intention' => 'a_private_string', ), ), ), )); +versionadded:: 2.8 + The ``intention`` and ``csrf_token_generator`` options were introduced + in Symfony 2.8. Prior, you had to use the ``csrf_token_id`` and ``csrf_provider`` + options. + .. _`Cross-site request forgery`: https://en.wikipedia.org/wiki/Cross-site_request_forgery .. _`Forging Login Requests`: https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests