Skip to content

Commit 3d1e8a7

Browse files
xabbuhxabbuh
committed
Merge branch '2.7' into 2.8
* 2.7: revert form login CSRF changes on wrong branch
2 parents 53726dd + f1c30e4 commit 3d1e8a7

File tree

2 files changed

+9
-9
lines changed

2 files changed

+9
-9
lines changed

cookbook/security/csrf_in_login_form.rst

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ provider available in the Security component:
3333
# ...
3434
form_login:
3535
# ...
36-
csrf_token_generator: security.csrf.token_manager
36+
csrf_provider: security.csrf.token_manager
3737
3838
.. code-block:: xml
3939
@@ -50,7 +50,7 @@ provider available in the Security component:
5050
5151
<firewall name="secured_area">
5252
<!-- ... -->
53-
<form-login csrf-token-generator="security.csrf.token_manager" />
53+
<form-login csrf-provider="security.csrf.token_manager" />
5454
</firewall>
5555
</config>
5656
</srv:container>
@@ -66,7 +66,7 @@ provider available in the Security component:
6666
// ...
6767
'form_login' => array(
6868
// ...
69-
'csrf_token_generator' => 'security.csrf.token_manager',
69+
'csrf_provider' => 'security.csrf.token_manager',
7070
),
7171
),
7272
),
@@ -124,7 +124,7 @@ After this, you have protected your login form against CSRF attacks.
124124
.. tip::
125125

126126
You can change the name of the field by setting ``csrf_parameter`` and change
127-
the token ID by setting ``csrf_token_id`` in your configuration:
127+
the token ID by setting ``intention`` in your configuration:
128128

129129
.. configuration-block::
130130

@@ -140,7 +140,7 @@ After this, you have protected your login form against CSRF attacks.
140140
form_login:
141141
# ...
142142
csrf_parameter: _csrf_security_token
143-
csrf_token_id: a_private_string
143+
intention: a_private_string
144144
145145
.. code-block:: xml
146146
@@ -158,7 +158,7 @@ After this, you have protected your login form against CSRF attacks.
158158
<firewall name="secured_area">
159159
<!-- ... -->
160160
<form-login csrf-parameter="_csrf_security_token"
161-
csrf-token-id="a_private_string"
161+
intention="a_private_string"
162162
/>
163163
</firewall>
164164
</config>
@@ -176,7 +176,7 @@ After this, you have protected your login form against CSRF attacks.
176176
'form_login' => array(
177177
// ...
178178
'csrf_parameter' => '_csrf_security_token',
179-
'csrf_token_id' => 'a_private_string'
179+
'intention' => 'a_private_string'
180180
),
181181
),
182182
),

reference/configuration/security.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -162,8 +162,8 @@ Each part will be explained in the next section.
162162
163163
# csrf token options
164164
csrf_parameter: _csrf_token
165-
csrf_token_id: authenticate
166-
csrf_token_generator: my.csrf_token_generator.id
165+
intention: authenticate
166+
csrf_provider: my.csrf_token_generator.id
167167
168168
# by default, the login form *must* be a POST, not a GET
169169
post_only: true

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy