From 62c2f025cbf029fddaf3b22f74b4379929f3737e Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Thu, 28 May 2015 12:41:39 +0200 Subject: [PATCH 1/4] 4668 document isCsrfTokenValid --- book/controller.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/book/controller.rst b/book/controller.rst index 7ec7bd4ae3a..12f8a3416da 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -803,6 +803,18 @@ Just like when creating a controller for a route, the order of the arguments of order of the arguments, Symfony will still pass the correct value to each variable. +Checking the Validity of a CSRF Token +------------------------------------- + +Sometimes you want to use CSRF protection in an action where you don't want to use a +Symfony form. + +If, for example, you're doing a DELETE action, you can use ``isCsrfTokenValid()``:: + + if ($this->isCsrfTokenValid('token_id', 'TOKEN')) { + // ... do something, like deleting an object + } + Final Thoughts -------------- From af4ebaa72c27305bc77ea9c7fb702715e21d0e90 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Thu, 28 May 2015 15:24:14 +0200 Subject: [PATCH 2/4] 4668 show non-shortcut alternative, use variable argument for submitted token --- book/controller.rst | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/book/controller.rst b/book/controller.rst index 12f8a3416da..898e7cd755a 100644 --- a/book/controller.rst +++ b/book/controller.rst 
@@ -811,10 +811,19 @@ Symfony form. If, for example, you're doing a DELETE action, you can use ``isCsrfTokenValid()``:: - if ($this->isCsrfTokenValid('token_id', 'TOKEN')) { + if ($this->isCsrfTokenValid('token_id', $submittedToken)) { // ... do something, like deleting an object } +.. versionadded:: 2.6 + The ``isCsrfTokenValid()`` shortcut method was added in Symfony 2.6. + +Previously you would use:: + + use Symfony\Component\Security\Csrf\CsrfToken; + + $this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('token_id', 'TOKEN')); + Final Thoughts -------------- From e4d9d495894de8d181dc1233620f637bc294b613 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Sat, 30 May 2015 14:25:27 +0200 Subject: [PATCH 3/4] 4668 link method to API docs, use 'was introduced' instead of 'was added' --- book/controller.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/book/controller.rst b/book/controller.rst index 898e7cd755a..9e3eece3012 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -440,7 +440,7 @@ If you want to redirect the user to another page, use the ``redirectToRoute()`` } .. versionadded:: 2.6 - The ``redirectToRoute()`` method was added in Symfony 2.6. Previously (and still now), you + The ``redirectToRoute()`` method was introduced in Symfony 2.6. Previously (and still now), you could use ``redirect()`` and ``generateUrl()`` together for this (see the example above). Or, if you want to redirect externally, just use ``redirect()`` and pass it the URL:: 
@@ -809,14 +809,15 @@ Checking the Validity of a CSRF Token Sometimes you want to use CSRF protection in an action where you don't want to use a Symfony form. -If, for example, you're doing a DELETE action, you can use ``isCsrfTokenValid()``:: +If, for example, you're doing a DELETE action, you can use the :method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` +method to check the CSRF token:: if ($this->isCsrfTokenValid('token_id', $submittedToken)) { // ... do something, like deleting an object } .. versionadded:: 2.6 - The ``isCsrfTokenValid()`` shortcut method was added in Symfony 2.6. + The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6. Previously you would use:: From 2de7c82015a857f94103a82ea7882b7cc047ac35 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Sun, 31 May 2015 10:26:51 +0200 Subject: [PATCH 4/4] 4668 move method reference to own line --- book/controller.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/book/controller.rst b/book/controller.rst index 9e3eece3012..0916dba6e61 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -809,7 +809,8 @@ Checking the Validity of a CSRF Token Sometimes you want to use CSRF protection in an action where you don't want to use a Symfony form. -If, for example, you're doing a DELETE action, you can use the :method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` +If, for example, you're doing a DELETE action, you can use the +:method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` method to check the CSRF token:: if ($this->isCsrfTokenValid('token_id', $submittedToken)) { pFad - Phonifier reborn
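Review bot: In the new "Checking the Validity of a CSRF Token" section (PATCH 1/4, as amended by 2/4), the example checks $submittedToken but never shows where that value comes from, and 'token_id' is not explained. Suggest adding a line that reads the submitted token from the request, plus a sentence saying that the id passed to isCsrfTokenValid() must be the same id that was used when the token was generated for the page. The sample also has no failure branch; a short else or early return would show readers that the delete must not run when the check fails.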
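Review bot: In PATCH 2/4 the "Previously you would use" sample still passes the literal 'TOKEN' in new CsrfToken('token_id', 'TOKEN'), while the shortcut example in the same hunk was changed to $submittedToken. Use $submittedToken in both so the two samples are visibly equivalent. The non-shortcut call is also shown as a bare statement whose return value is discarded; wrapping it in the same if as the shortcut version would make it read as a check, and the line is long enough that it should be wrapped.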
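Review bot: In the @@ -440 hunk of PATCH 3/4, changing "was added" to "was introduced" pushes the redirectToRoute() line well past the width of the lines around it, so the paragraph inside the versionadded directive should be re-wrapped. PATCH 4/4 only re-wraps the :method: line that 3/4 introduced on a single long line; the two commits could be squashed so the history does not carry the unwrapped intermediate state.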
