From 0044aa24d2cf2d7fd5fc06ac475c6fef38969cb9 Mon Sep 17 00:00:00 2001
From: Raistlfiren
Date: Tue, 1 Dec 2015 09:17:18 -0600
Subject: [PATCH 1/4] Updated csrf_in_login_form.rst to include csrf_token_id and csrf_token_generator

Updated CSRF documentation to rename intention and csrf_provider. They were renamed in SF 3.0 to csrf_token_id and csrf_token_generator.
---
 cookbook/security/csrf_in_login_form.rst | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst
index b7649aa92f7..dc40fd8f5f8 100644
--- a/cookbook/security/csrf_in_login_form.rst
+++ b/cookbook/security/csrf_in_login_form.rst
@@ -13,6 +13,10 @@ for CSRF. In this article you'll learn how you can use it in your login form.
 Login CSRF attacks are a bit less well-known. See `Forging Login Requests`_ if you're curious about more details.
+.. note::
+
+ Since SF 2.8 ``intention`` has been depreciated, and removed in SF 3.0. It is now labeled as ``csrf_token_id``. ``csrf_provider`` was changed in SF 3.0 to ``csrf_token_generator``.
+
 Configuring CSRF Protection
 ---------------------------
@@ -33,7 +37,9 @@ provider available in the Security component:
 # ...
 form_login:
 # ...
- csrf_provider: security.csrf.token_manager
+ # Use csrf_provider in SF <2.8
+ # csrf_provider: security.csrf.token_manager
+ csrf_token_generator: security.csrf.token_manager
 .. code-block:: xml
@@ -66,7 +72,9 @@ provider available in the Security component:
 // ...
 'form_login' => array(
 // ...
- 'csrf_provider' => 'security.csrf.token_manager',
+ // Use csrf_provider in SF <2.8
+ // 'csrf_provider' => 'security.csrf.token_manager',
+ 'csrf_token_generator' => 'security.csrf.token_manager',
 ),
 ),
 ),
@@ -122,7 +130,7 @@ After this, you have protected your login form against CSRF attacks.
 .. tip::
 You can change the name of the field by setting ``csrf_parameter`` and change
- the token ID by setting ``intention`` in your configuration:
+ the token ID by setting ``csrf_token_id`` ~~``intention``~~ in your configuration:
 .. configuration-block::
@@ -138,7 +146,8 @@ After this, you have protected your login form against CSRF attacks.
 form_login:
 # ...
 csrf_parameter: _csrf_security_token
- intention: a_private_string
+ # intention: a_private_string
+ csrf_token_id: a_private_string
 .. code-block:: xml
@@ -156,7 +165,8 @@ After this, you have protected your login form against CSRF attacks.
+ csrf_token_id="a_private_string" />
@@ -174,7 +184,8 @@ After this, you have protected your login form against CSRF attacks.
 'form_login' => array(
 // ...
 'csrf_parameter' => '_csrf_security_token',
- 'intention' => 'a_private_string',
+ 'csrf_token_id' => 'a_private_string'
+ // 'intention' => 'a_private_string',
 ),
 ),
 ),

From 91b5e2e6349c0818eccf911f5aae9c5652848b00 Mon Sep 17 00:00:00 2001
From: Aaron Valandra
Date: Wed, 2 Dec 2015 09:00:24 -0600
Subject: [PATCH 2/4] Updated documentation as requested by @stof and @xabbuh

---
 cookbook/security/csrf_in_login_form.rst | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst
index dc40fd8f5f8..4fabb4ecc50 100644
--- a/cookbook/security/csrf_in_login_form.rst
+++ b/cookbook/security/csrf_in_login_form.rst
@@ -13,10 +13,6 @@ for CSRF. In this article you'll learn how you can use it in your login form.
 Login CSRF attacks are a bit less well-known. See `Forging Login Requests`_ if you're curious about more details.
-.. note::
-
- Since SF 2.8 ``intention`` has been depreciated, and removed in SF 3.0. It is now labeled as ``csrf_token_id``. ``csrf_provider`` was changed in SF 3.0 to ``csrf_token_generator``.
-
 Configuring CSRF Protection
 ---------------------------
@@ -37,8 +33,6 @@ provider available in the Security component:
 # ...
 form_login:
 # ...
- # Use csrf_provider in SF <2.8
- # csrf_provider: security.csrf.token_manager
 csrf_token_generator: security.csrf.token_manager
 .. code-block:: xml
@@ -72,8 +66,6 @@ provider available in the Security component:
 // ...
 'form_login' => array(
 // ...
- // Use csrf_provider in SF <2.8
- // 'csrf_provider' => 'security.csrf.token_manager',
 'csrf_token_generator' => 'security.csrf.token_manager',
 ),
 ),
@@ -130,7 +122,7 @@ After this, you have protected your login form against CSRF attacks.
 .. tip::
 You can change the name of the field by setting ``csrf_parameter`` and change
- the token ID by setting ``csrf_token_id`` ~~``intention``~~ in your configuration:
+ the token ID by setting ``csrf_token_id`` in your configuration:
 .. configuration-block::
@@ -146,7 +138,6 @@ After this, you have protected your login form against CSRF attacks.
 form_login:
 # ...
 csrf_parameter: _csrf_security_token
- # intention: a_private_string
 csrf_token_id: a_private_string
 .. code-block:: xml
@@ -165,7 +156,6 @@ After this, you have protected your login form against CSRF attacks.
 csrf_token_id="a_private_string" />
@@ -185,11 +175,15 @@ After this, you have protected your login form against CSRF attacks.
 // ...
 'csrf_parameter' => '_csrf_security_token',
 'csrf_token_id' => 'a_private_string'
- // 'intention' => 'a_private_string',
 ),
 ),
 ),
 ));
+versionadded:: 2.8
+ The ``intention`` and ``csrf_token_generator`` options were introduced
+ in Symfony 2.8. Prior, you had to use the ``csrf_token_id`` and ``csrf_provider``
+ options.
+
 .. _`Cross-site request forgery`: https://en.wikipedia.org/wiki/Cross-site_request_forgery
 .. _`Forging Login Requests`: https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests

From 3ceb61cdfe624c82ca3c3a2cd07c196ace27da4f Mon Sep 17 00:00:00 2001
From: Aaron Valandra
Date: Wed, 2 Dec 2015 09:11:56 -0600
Subject: [PATCH 3/4] Improper markdown for versionadded.

---
 cookbook/security/csrf_in_login_form.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst
index 4fabb4ecc50..203b8d9dd5f 100644
--- a/cookbook/security/csrf_in_login_form.rst
+++ b/cookbook/security/csrf_in_login_form.rst
@@ -180,7 +180,7 @@ After this, you have protected your login form against CSRF attacks.
 ),
 ));
-versionadded:: 2.8
+.. versionadded:: 2.8
 The ``intention`` and ``csrf_token_generator`` options were introduced
 in Symfony 2.8. Prior, you had to use the ``csrf_token_id`` and ``csrf_provider``
 options.

From 304d7a5f052430fbd9b52529cf9f97ebf032b6cd Mon Sep 17 00:00:00 2001
From: Christian Flothmann
Date: Fri, 15 Jan 2016 22:52:28 +0100
Subject: [PATCH 4/4] finish csrf_token_generator and csrf_token_id docs

---
 book/forms.rst | 10 +++++++---
 cookbook/security/csrf_in_login_form.rst | 15 +++++++++------
 reference/configuration/security.rst | 15 ++++++++++-----
 3 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/book/forms.rst b/book/forms.rst
index 3d6ef5d6d82..8c43224040d 100644
--- a/book/forms.rst
+++ b/book/forms.rst
@@ -1809,7 +1809,7 @@ The CSRF token can be customized on a form-by-form basis. For example::
 'csrf_protection' => true,
 'csrf_field_name' => '_token',
 // a unique key to help generate the secret token
- 'intention' => 'task_item',
+ 'csrf_token_id' => 'task_item',
 ));
 }
@@ -1825,8 +1825,12 @@ section.
 .. note::
- The ``intention`` option is optional but greatly enhances the security of
- the generated token by making it different for each form.
+ The ``csrf_token_id`` option is optional but greatly enhances the security
+ of the generated token by making it different for each form.
+
+.. versionadded:: 2.4
+ The ``csrf_token_id`` option was introduced in Symfony 2.4. Prior, you
+ had to use the ``intention`` option.
 .. caution::
diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst
index 203b8d9dd5f..c339454ec56 100644
--- a/cookbook/security/csrf_in_login_form.rst
+++ b/cookbook/security/csrf_in_login_form.rst
@@ -50,7 +50,7 @@ provider available in the Security component:
-
+
@@ -72,6 +72,10 @@ provider available in the Security component:
 ),
 ));
+.. versionadded:: 2.4
+ The ``csrf_token_generator`` option was introduced in Symfony 2.4. Prior,
+ you had to use the ``csrf_provider`` option.
+
 The Security component can be configured further, but this is all information it needs to be able to use CSRF in the login form.
@@ -156,7 +160,7 @@ After this, you have protected your login form against CSRF attacks.
@@ -180,10 +184,9 @@ After this, you have protected your login form against CSRF attacks.
 ),
 ));
-.. versionadded:: 2.8
- The ``intention`` and ``csrf_token_generator`` options were introduced
- in Symfony 2.8. Prior, you had to use the ``csrf_token_id`` and ``csrf_provider``
- options.
+.. versionadded:: 2.4
+ The ``csrf_token_id`` option was introduced in Symfony 2.4. Prior, you
+ had to use the ``intention`` option.
 .. _`Cross-site request forgery`: https://en.wikipedia.org/wiki/Cross-site_request_forgery
 .. _`Forging Login Requests`: https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
index fcec22c8685..e4f99da35d0 100644
--- a/reference/configuration/security.rst
+++ b/reference/configuration/security.rst
@@ -17,6 +17,11 @@ Each part will be explained in the next section.
 Support for restricting security firewalls to specific http methods was introduced in Symfony 2.5.
+.. versionadded:: 2.4
+ The ``csrf_token_generator`` and ``csrf_token_id`` were introduced in
+ Symfony 2.4. Prior, you had to use the ``csrf_provider`` and ``intention``
+ options.
+
 .. configuration-block::
 .. code-block:: yaml
@@ -165,9 +170,9 @@ Each part will be explained in the next section.
 password_parameter: _password
 # csrf token options
- csrf_parameter: _csrf_token
- intention: authenticate
- csrf_provider: my.csrf_provider.id
+ csrf_parameter: _csrf_token
+ csrf_token_id: authenticate
+ csrf_token_generator: my.csrf_token_generator.id
 # by default, the login form *must* be a POST, not a GET
 post_only: true
@@ -213,8 +218,8 @@ Each part will be explained in the next section.
 context: ~
 logout:
 csrf_parameter: _csrf_token
- csrf_provider: ~
- intention: logout
+ csrf_token_generator: ~
+ csrf_token_id: logout
 path: /logout
 target: /
 success_handler: ~
pFad - Phonifier reborn
