Merge branch '2.7' into 2.8

xabbuh · xabbuh · commit 3d1e8a76bcc2 · 2016-01-31T08:24:09.000+01:00
* 2.7:
  revert form login CSRF changes on wrong branch
diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst
@@ -33,7 +33,7 @@ provider available in the Security component:
                     # ...
                     form_login:
                         # ...
-                        csrf_token_generator: security.csrf.token_manager
+                        csrf_provider: security.csrf.token_manager
 
     .. code-block:: xml
 
@@ -50,7 +50,7 @@ provider available in the Security component:
 
                 <firewall name="secured_area">
                     <!-- ... -->
-                    <form-login csrf-token-generator="security.csrf.token_manager" />
+                    <form-login csrf-provider="security.csrf.token_manager" />
                 </firewall>
             </config>
         </srv:container>
@@ -66,7 +66,7 @@ provider available in the Security component:
                     // ...
                     'form_login' => array(
                         // ...
-                        'csrf_token_generator' => 'security.csrf.token_manager',
+                        'csrf_provider' => 'security.csrf.token_manager',
                     ),
                 ),
             ),
@@ -124,7 +124,7 @@ After this, you have protected your login form against CSRF attacks.
 .. tip::
 
     You can change the name of the field by setting ``csrf_parameter`` and change
-    the token ID by setting  ``csrf_token_id`` in your configuration:
+    the token ID by setting  ``intention`` in your configuration:
 
     .. configuration-block::
 
@@ -140,7 +140,7 @@ After this, you have protected your login form against CSRF attacks.
                         form_login:
                             # ...
                             csrf_parameter: _csrf_security_token
-                            csrf_token_id: a_private_string
+                            intention: a_private_string
 
         .. code-block:: xml
 
@@ -158,7 +158,7 @@ After this, you have protected your login form against CSRF attacks.
                     <firewall name="secured_area">
                         <!-- ... -->
                         <form-login csrf-parameter="_csrf_security_token"
-                            csrf-token-id="a_private_string"
+                            intention="a_private_string"
                         />
                     </firewall>
                 </config>
@@ -176,7 +176,7 @@ After this, you have protected your login form against CSRF attacks.
                         'form_login' => array(
                             // ...
                             'csrf_parameter' => '_csrf_security_token',
-                            'csrf_token_id'     => 'a_private_string'
+                            'intention'      => 'a_private_string'
                         ),
                     ),
                 ),
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -162,8 +162,8 @@ Each part will be explained in the next section.
 
                         # csrf token options
                         csrf_parameter:       _csrf_token
-                        csrf_token_id:        authenticate
-                        csrf_token_generator: my.csrf_token_generator.id
+                        intention:            authenticate
+                        csrf_provider:        my.csrf_token_generator.id
 
                         # by default, the login form *must* be a POST, not a GET
                         post_only:      true
