From d5c8028d6f80eac15c8f684001a56e60cf4fbe23 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Sat, 30 May 2015 14:35:05 +0200 Subject: [PATCH 1/2] document old way of checking validity of CSRF token --- book/controller.rst | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/book/controller.rst b/book/controller.rst index 510dccc457a..d70b65a46f8 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -786,6 +786,19 @@ Just like when creating a controller for a route, the order of the arguments of order of the arguments, Symfony will still pass the correct value to each variable. +Checking the Validity of a CSRF Token +------------------------------------- + +Sometimes you want to use CSRF protection in an action where you don't want to use a +Symfony form. + +If, for example, you're doing a DELETE action, you can use the :method:`Symfony\\Component\\Form\\Extension\\Csrf\\CsrfProvider\\CsrfProviderAdapter::isTokenValid` +method to check the CSRF token:: + + use Symfony\Component\Security\Csrf\CsrfToken; + + $this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('token_id', 'TOKEN')); + Final Thoughts -------------- From b0f163f99cc2cda5b80c810fbe4c9f8996c3f3a2 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Sun, 31 May 2015 10:25:52 +0200 Subject: [PATCH 2/2] move method reference to own line --- book/controller.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/book/controller.rst b/book/controller.rst index d70b65a46f8..e95505ea824 100644 --- a/book/controller.rst +++ b/book/controller.rst 
@@ -792,7 +792,8 @@ Checking the Validity of a CSRF Token Sometimes you want to use CSRF protection in an action where you don't want to use a Symfony form. -If, for example, you're doing a DELETE action, you can use the :method:`Symfony\\Component\\Form\\Extension\\Csrf\\CsrfProvider\\CsrfProviderAdapter::isTokenValid` +If, for example, you're doing a DELETE action, you can use the +:method:`Symfony\\Component\\Form\\Extension\\Csrf\\CsrfProvider\\CsrfProviderAdapter::isTokenValid` method to check the CSRF token:: use Symfony\Component\Security\Csrf\CsrfToken;
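Review bot: In patch 1/2, the added example calls `isTokenValid(...)` and throws the result away, so a reader who copies it performs no CSRF check at all. Show the return value being tested and the request being rejected when it is false. Also replace the literal `'TOKEN'` with the value submitted in the request, and say that `'token_id'` has to be the same id that was used when the token was generated, so it is clear which argument is user input.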
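Review bot: In patch 2/2, the rewrapped `:method:` role still targets `Symfony\\Component\\Form\\Extension\\Csrf\\CsrfProvider\\CsrfProviderAdapter::isTokenValid`, while the example right below it imports `Symfony\Component\Security\Csrf\CsrfToken` and calls the `security.csrf.token_manager` service. Since this line is being touched anyway, either point the reference at the class behind the service the example uses or change the example to use the referenced adapter, so the text and the code describe the same API.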