diff --git a/security.rst b/security.rst index c611fe4654c..ff0ba9812af 100644 --- a/security.rst +++ b/security.rst @@ -958,10 +958,9 @@ First, you need to enable CSRF on the form login: .. _csrf-login-template: -Then, use the ``csrf_token()`` function in the Twig template to generate a CSRF -token and store it as a hidden field of the form. By default, the HTML field -must be called ``_csrf_token`` and the string used to generate the value must -be ``authenticate``: +Then, add a hidden field to the form. In order to work with the built-in ``FormLoginAuthenticator``, +the HTML field must be called ``_csrf_token``, and the argument of Twig's ``csrf_token()`` function +must be called ``authenticate``: .. code-block:: html+twig @@ -971,7 +970,7 @@ be ``authenticate``:
diff --git a/security/custom_authenticator.rst b/security/custom_authenticator.rst index e79d8a002a1..4edb1ab1016 100644 --- a/security/custom_authenticator.rst +++ b/security/custom_authenticator.rst @@ -349,9 +349,9 @@ would initialize the passport like this:: { public function authenticate(Request $request): Passport { - $password = $request->request->get('password'); $username = $request->request->get('username'); - $csrfToken = $request->request->get('csrf_token'); + $password = $request->request->get('password'); + $csrfToken = $request->request->get('_csrf_token'); // ... validate no parameter is empty
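Review bot: In the security.rst hunk, the added sentence says the argument of ``csrf_token()`` "must be called ``authenticate``", but ``authenticate`` is the value passed to the function, not the argument's name. The removed text was more precise here ("the string used to generate the value must be ``authenticate``"). Suggest wording such as "the string passed to Twig's ``csrf_token()`` function must be ``authenticate``". The rewrite also drops "By default"; if the field name and the string can still be changed, keep that qualifier so readers do not take both as fixed. As a style point, the three added lines are noticeably longer than the removed lines they replace and should be re-wrapped to match the file.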
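Review bot: In the security/custom_authenticator.rst hunk, the example now reads ``_csrf_token`` from the request but nothing in the visible lines tells the reader why that exact name is used. A short comment on the ``$csrfToken`` line, or a reference to the ``csrf-login-template`` section, would make it clear that the key has to match the hidden field name in the login form; a mismatch means the token arrives empty and the CSRF check cannot pass. The swap of the ``$password`` and ``$username`` lines is unrelated to the field-name fix and only enlarges the diff; consider leaving the original order so that the one-line change to ``_csrf_token`` stands out.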