Skip to content

Commit 85dc294

Browse files
wouterjwouterj
committed
feature symfony#5572 4668 document isCsrfTokenValid (snoek09)
This PR was squashed before being merged into the 2.6 branch (closes symfony#5572). Discussion ---------- 4668 document isCsrfTokenValid | Q | A | ------------- | --- | Doc fix? | yes | New docs? | yes | Applies to | 2.6 | Fixed tickets | symfony#4668 See original PR symfony#5325 for comments. Commits ------- 11383f8 4668 document isCsrfTokenValid
2 parents 41c7059 + 11383f8 commit 85dc294

File tree

1 file changed

+23
-1
lines changed

1 file changed

+23
-1
lines changed

book/controller.rst

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -440,7 +440,7 @@ If you want to redirect the user to another page, use the ``redirectToRoute()``
440440
}
441441

442442
.. versionadded:: 2.6
443-
The ``redirectToRoute()`` method was added in Symfony 2.6. Previously (and still now), you
443+
The ``redirectToRoute()`` method was introduced in Symfony 2.6. Previously (and still now), you
444444
could use ``redirect()`` and ``generateUrl()`` together for this (see the example above).
445445

446446
Or, if you want to redirect externally, just use ``redirect()`` and pass it the URL::
@@ -803,6 +803,28 @@ Just like when creating a controller for a route, the order of the arguments of
803803
order of the arguments, Symfony will still pass the correct value to each
804804
variable.
805805

806+
Validating a CSRF Token
807+
-----------------------
808+
809+
Sometimes you want to use CSRF protection in an action where you don't want to use the
810+
Symfony Form component.
811+
812+
If, for example, you're doing a DELETE action, you can use the
813+
:method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid`
814+
method to check the CSRF token::
815+
816+
if ($this->isCsrfTokenValid('token_id', $submittedToken)) {
817+
// ... do something, like deleting an object
818+
}
819+
820+
.. versionadded:: 2.6
821+
The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6.
822+
It is equivalent to executing the following code::
823+
824+
use Symfony\Component\Security\Csrf\CsrfToken;
825+
826+
$this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('token_id', 'TOKEN'));
827+
806828
Final Thoughts
807829
--------------
808830

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy