Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document isCsrfTokenValid #4668

Closed
xabbuh opened this issue Dec 17, 2014 · 5 comments
Closed

Document isCsrfTokenValid #4668

xabbuh opened this issue Dec 17, 2014 · 5 comments
Labels
actionable Clear and specific issues ready for anyone to take them.
Milestone
2.6

Comments

@xabbuh
Copy link
Member

xabbuh commented Dec 17, 2014

see symfony/symfony#11602
@xabbuh xabbuh added Missing Documentation actionable Clear and specific issues ready for anyone to take them. labels Dec 17, 2014
@xabbuh xabbuh added this to the 2.6 milestone Dec 17, 2014
@wouterj
Copy link
Member

wouterj commented Dec 18, 2014

Where should we document this? We have just 2 locations where we talk about CSRF afaik, and both should not have this addition:

  1. In book/forms (http://symfony.com/doc/current/book/forms.html#csrf-protection), this talks about build-in Form CSRF support
  2. In cookbook/security (http://symfony.com/doc/current/cookbook/security/csrf_in_login_form.html), this talks exclusivly on configuring the security system to use CSRF.

@xabbuh
Copy link
Member Author

xabbuh commented Dec 18, 2014

I'm not sure when you need this method at all. Isn't CSRF validation performed automatically with the rest of the validation?

@javiereguiluz
Copy link
Member

I'll ask @lyrixx, who is the author of this new feature, to better explain us a use case for this feature.

@stof
Copy link
Member

stof commented Dec 18, 2014

The goal is to be able to use CSRF protection in actions where you are not using a Symfony Form (for instance on DELETE actions where doing the whole form binding just for the CSRF protection is way overkill and hurts performance)

@wouterj
Copy link
Member

wouterj commented May 3, 2015

In that case, I would propose to create a new cookbook article in the Controllers section talking about this.

This was referenced May 28, 2015
Closed
Closed
@snoek09 snoek09 mentioned this issue Jul 28, 2015
Closed
wouterj added a commit that referenced this issue Jul 29, 2015
@wouterj
feature #5572 4668 document isCsrfTokenValid (snoek09)
85dc294 
This PR was squashed before being merged into the 2.6 branch (closes #5572).

Discussion
----------

4668 document isCsrfTokenValid

| Q             | A
| ------------- | ---
| Doc fix?      | yes
| New docs?     | yes
| Applies to    | 2.6
| Fixed tickets | #4668

See original PR #5325 for comments.

Commits
-------

11383f8 4668 document isCsrfTokenValid
@wouterj wouterj closed this as completed Jul 29, 2015
@snoek09 snoek09 mentioned this issue Oct 20, 2015
Closed
xabbuh added a commit that referenced this issue Jan 11, 2016
@xabbuh
minor #5818 document old way of checking validity of CSRF token (snoe…
8b8a48a 
…k09)

This PR was squashed before being merged into the 2.3 branch (closes #5818).

Discussion
----------

document old way of checking validity of CSRF token

| Q             | A
| ------------- | ---
| Doc fix?      | yes
| New docs?     | yes
| Applies to    | all
| Fixed tickets | Related to #4668

Commits
-------

8257cc8 document old way of checking validity of CSRF token
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
actionable Clear and specific issues ready for anyone to take them.
Projects
None yet
Milestone
2.6
Development

No branches or pull requests
4 participants
@javiereguiluz @stof @wouterj @xabbuh