document old way of checking validity of CSRF token #5818
Conversation
snoek09
commented
Oct 20, 2015
snoek09
commented
| Q | A |
|---|---|
| Doc fix? | yes |
| New docs? | yes |
| Applies to | all |
| Fixed tickets | Related to #4668 |
|
👍 |
| Sometimes you want to use CSRF protection in an action where you don't want to use a | ||
| Symfony form. | ||
|
|
||
| If, for example, you're doing a DELETE action, you can use the |
There was a problem hiding this comment.
I checked the docs for mentions of HTTP methods. In a sentence they are never in backticks.
|
@xabbuh please let me know if the example code is fine now. |
|
@xabbuh is this PR finished? |
| Symfony form. | ||
|
|
||
| If, for example, you're doing a DELETE action, you can use the | ||
| :method:`Symfony\\Component\\Form\\Extension\\Csrf\\CsrfProvider\\DefaultCsrfProvider::isCsrfTokenValid` |
There was a problem hiding this comment.
I think this should link to the method in the interface instead (it doesn't matter which implementation is registered as the service).
|
@snoek09 Sorry for missing your last comment. I left a last minor comment. After that this looks good to be merged to me. |
|
@xabbuh No problem. I updated the link. |
|
👍 |
|
@xabbuh I think this is ready to be merged. |
|
@weaverryan @wouterj @javiereguiluz Ready to go here? :) |
| method to check the CSRF token:: | ||
|
|
||
| $csrf = $this->container->get('form.csrf_provider'); | ||
| $intention = 'authenticate'; |
There was a problem hiding this comment.
Does it make sense to show this without showing a template? When you generate the CSRF token in the template, you would need to also include authenticate then, right?
|
I added some comments, but I like it! Short and simple. To be clear, this is not an "old way" of checking CSRF, correct? It seems totally valid and current. Thanks! |
|
@weaverryan : No it isn't, because the However, I wonder if the |
|
@ogizanagi is right. The example code has to work with 2.3 using the 'old way'. |
|
I think we can merge it just as it is and then work on converting this into a cookbook recipe afterwards. What do you think? |
|
👍 |
|
I like that idea @xabbuh. |
|
@weaverryan @wouterj @javiereguiluz Okay with merging and thinking about how to rework the whole part afterwards? |
|
@xabbuh yes! |
|
👍 |
|
Thank you Henry. |
…k09) This PR was squashed before being merged into the 2.3 branch (closes #5818). Discussion ---------- document old way of checking validity of CSRF token | Q | A | ------------- | --- | Doc fix? | yes | New docs? | yes | Applies to | all | Fixed tickets | Related to #4668 Commits ------- 8257cc8 document old way of checking validity of CSRF token
