document old way of checking validity of CSRF token

symfony · Jan 11, 2016 · 8257cc8 · 8257cc8
1 parent 71469ff
commit 8257cc8
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/book/controller.rst b/book/controller.rst
@@ -794,6 +794,24 @@ Just like when creating a controller for a route, the order of the arguments of
 order of the arguments, Symfony will still pass the correct value to each
 variable.
 
+Checking the Validity of a CSRF Token
+-------------------------------------
+
+Sometimes you want to use CSRF protection in an action where you don't want to use a
+Symfony form.
+
+If, for example, you're doing a DELETE action, you can use the
+:method:`Symfony\\Component\\Form\\Extension\\Csrf\\CsrfProvider\\CsrfProviderInterface::isCsrfTokenValid`
+method to check the CSRF token::
+
+    $csrf = $this->container->get('form.csrf_provider');
+    $intention = 'authenticate';
+    $token = $csrf->generateCsrfToken($intention);
+
+    if (!$csrf->isCsrfTokenValid($intention, $token)) {
+        // CSRF token invalid! Do something, like redirect with an error.
+    }
+
 Final Thoughts
 --------------