finish csrf_token_generator and csrf_token_id docs

xabbuh · xabbuh · commit 304d7a5f0524 · 2016-01-15T22:52:28.000+01:00
diff --git a/book/forms.rst b/book/forms.rst
@@ -1809,7 +1809,7 @@ The CSRF token can be customized on a form-by-form basis. For example::
                 'csrf_protection' => true,
                 'csrf_field_name' => '_token',
                 // a unique key to help generate the secret token
-                'intention'       => 'task_item',
+                'csrf_token_id'   => 'task_item',
             ));
         }
 
@@ -1825,8 +1825,12 @@ section.
 
 .. note::
 
-    The ``intention`` option is optional but greatly enhances the security of
-    the generated token by making it different for each form.
+    The ``csrf_token_id`` option is optional but greatly enhances the security
+    of the generated token by making it different for each form.
+
+.. versionadded:: 2.4
+    The ``csrf_token_id`` option was introduced in Symfony 2.4. Prior, you
+    had to use the ``intention`` option.
 
 .. caution::
 
diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst
@@ -50,7 +50,7 @@ provider available in the Security component:
 
                 <firewall name="secured_area">
                     <!-- ... -->
-                    <form-login csrf-provider="security.csrf.token_manager" />
+                    <form-login csrf-token-generator="security.csrf.token_manager" />
                 </firewall>
             </config>
         </srv:container>
@@ -72,6 +72,10 @@ provider available in the Security component:
             ),
         ));
 
+.. versionadded:: 2.4
+    The ``csrf_token_generator`` option was introduced in Symfony 2.4. Prior,
+    you had to use the ``csrf_provider`` option.
+
 The Security component can be configured further, but this is all information
 it needs to be able to use CSRF in the login form.
 
@@ -156,7 +160,7 @@ After this, you have protected your login form against CSRF attacks.
                     <firewall name="secured_area">
                         <!-- ... -->
                         <form-login csrf-parameter="_csrf_security_token"
-                                 csrf_token_id="a_private_string"
+                            csrf-token-id="a_private_string"
                         />
                     </firewall>
                 </config>
@@ -180,10 +184,9 @@ After this, you have protected your login form against CSRF attacks.
                 ),
             ));
 
-.. versionadded:: 2.8
-    The ``intention`` and ``csrf_token_generator`` options were introduced
-    in Symfony 2.8. Prior, you had to use the ``csrf_token_id`` and ``csrf_provider``
-    options.
+.. versionadded:: 2.4
+    The ``csrf_token_id`` option was introduced in Symfony 2.4. Prior, you
+    had to use the ``intention`` option.
 
 .. _`Cross-site request forgery`: https://en.wikipedia.org/wiki/Cross-site_request_forgery
 .. _`Forging Login Requests`: https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -17,6 +17,11 @@ Each part will be explained in the next section.
     Support for restricting security firewalls to specific http methods was introduced in
     Symfony 2.5.
 
+.. versionadded:: 2.4
+    The ``csrf_token_generator`` and ``csrf_token_id`` were introduced in
+    Symfony 2.4. Prior, you had to use the ``csrf_provider`` and ``intention``
+    options.
+
 .. configuration-block::
 
     .. code-block:: yaml
@@ -165,9 +170,9 @@ Each part will be explained in the next section.
                         password_parameter: _password
 
                         # csrf token options
-                        csrf_parameter: _csrf_token
-                        intention:      authenticate
-                        csrf_provider:  my.csrf_provider.id
+                        csrf_parameter:       _csrf_token
+                        csrf_token_id:        authenticate
+                        csrf_token_generator: my.csrf_token_generator.id
 
                         # by default, the login form *must* be a POST, not a GET
                         post_only:      true
@@ -213,8 +218,8 @@ Each part will be explained in the next section.
                     context:              ~
                     logout:
                         csrf_parameter:       _csrf_token
-                        csrf_provider:        ~
-                        intention:            logout
+                        csrf_token_generator: ~
+                        csrf_token_id:        logout
                         path:                 /logout
                         target:               /
                         success_handler:      ~
