diff --git a/book/forms.rst b/book/forms.rst
index 3d6ef5d6d82..8c43224040d 100644
--- a/book/forms.rst
+++ b/book/forms.rst
@@ -1809,7 +1809,7 @@ The CSRF token can be customized on a form-by-form basis. For example::
'csrf_protection' => true,
'csrf_field_name' => '_token',
// a unique key to help generate the secret token
- 'intention' => 'task_item',
+ 'csrf_token_id' => 'task_item',
));
}
@@ -1825,8 +1825,12 @@ section.
.. note::
- The ``intention`` option is optional but greatly enhances the security of
- the generated token by making it different for each form.
+ The ``csrf_token_id`` option is optional but greatly enhances the security
+ of the generated token by making it different for each form.
+
+.. versionadded:: 2.4
+ The ``csrf_token_id`` option was introduced in Symfony 2.4. Prior, you
+ had to use the ``intention`` option.
.. caution::
diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst
index b7649aa92f7..c339454ec56 100644
--- a/cookbook/security/csrf_in_login_form.rst
+++ b/cookbook/security/csrf_in_login_form.rst
@@ -33,7 +33,7 @@ provider available in the Security component:
# ...
form_login:
# ...
- csrf_provider: security.csrf.token_manager
+ csrf_token_generator: security.csrf.token_manager
.. code-block:: xml
@@ -50,7 +50,7 @@ provider available in the Security component:
-
+
@@ -66,12 +66,16 @@ provider available in the Security component:
// ...
'form_login' => array(
// ...
- 'csrf_provider' => 'security.csrf.token_manager',
+ 'csrf_token_generator' => 'security.csrf.token_manager',
),
),
),
));
+.. versionadded:: 2.4
+ The ``csrf_token_generator`` option was introduced in Symfony 2.4. Prior,
+ you had to use the ``csrf_provider`` option.
+
The Security component can be configured further, but this is all information
it needs to be able to use CSRF in the login form.
@@ -122,7 +126,7 @@ After this, you have protected your login form against CSRF attacks.
.. tip::
You can change the name of the field by setting ``csrf_parameter`` and change
- the token ID by setting ``intention`` in your configuration:
+ the token ID by setting ``csrf_token_id`` in your configuration:
.. configuration-block::
@@ -138,7 +142,7 @@ After this, you have protected your login form against CSRF attacks.
form_login:
# ...
csrf_parameter: _csrf_security_token
- intention: a_private_string
+ csrf_token_id: a_private_string
.. code-block:: xml
@@ -156,7 +160,7 @@ After this, you have protected your login form against CSRF attacks.
@@ -174,11 +178,15 @@ After this, you have protected your login form against CSRF attacks.
'form_login' => array(
// ...
'csrf_parameter' => '_csrf_security_token',
- 'intention' => 'a_private_string',
+ 'csrf_token_id' => 'a_private_string'
),
),
),
));
+.. versionadded:: 2.4
+ The ``csrf_token_id`` option was introduced in Symfony 2.4. Prior, you
+ had to use the ``intention`` option.
+
.. _`Cross-site request forgery`: https://en.wikipedia.org/wiki/Cross-site_request_forgery
.. _`Forging Login Requests`: https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
index fcec22c8685..e4f99da35d0 100644
--- a/reference/configuration/security.rst
+++ b/reference/configuration/security.rst
@@ -17,6 +17,11 @@ Each part will be explained in the next section.
Support for restricting security firewalls to specific http methods was introduced in
Symfony 2.5.
+.. versionadded:: 2.4
+ The ``csrf_token_generator`` and ``csrf_token_id`` were introduced in
+ Symfony 2.4. Prior, you had to use the ``csrf_provider`` and ``intention``
+ options.
+
.. configuration-block::
.. code-block:: yaml
@@ -165,9 +170,9 @@ Each part will be explained in the next section.
password_parameter: _password
# csrf token options
- csrf_parameter: _csrf_token
- intention: authenticate
- csrf_provider: my.csrf_provider.id
+ csrf_parameter: _csrf_token
+ csrf_token_id: authenticate
+ csrf_token_generator: my.csrf_token_generator.id
# by default, the login form *must* be a POST, not a GET
post_only: true
@@ -213,8 +218,8 @@ Each part will be explained in the next section.
context: ~
logout:
csrf_parameter: _csrf_token
- csrf_provider: ~
- intention: logout
+ csrf_token_generator: ~
+ csrf_token_id: logout
path: /logout
target: /
success_handler: ~