53 lines
1.3 KiB
ReStructuredText
53 lines
1.3 KiB
ReStructuredText
CSRF
|
|
====
|
|
|
|
The *CsrfServiceProvider* provides a service for building forms in your
|
|
application with the Symfony Form component.
|
|
|
|
Parameters
|
|
----------
|
|
|
|
* none
|
|
|
|
Services
|
|
--------
|
|
|
|
* **csrf.token_manager**: An instance of an implementation of the
|
|
`CsrfProviderInterface
|
|
<http://api.symfony.com/master/Symfony/Component/Form/Extension/Csrf/CsrfProvider/CsrfProviderInterface.html>`_,
|
|
defaults to a `DefaultCsrfProvider
|
|
<http://api.symfony.com/master/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.html>`_.
|
|
|
|
Registering
|
|
-----------
|
|
|
|
.. code-block:: php
|
|
|
|
use Silex\Provider\CsrfServiceProvider;
|
|
|
|
$app->register(new CsrfServiceProvider());
|
|
|
|
.. note::
|
|
|
|
Add the Symfony's `Security CSRF Component
|
|
<http://symfony.com/doc/current/components/security/index.html>`_ as a
|
|
dependency:
|
|
|
|
.. code-block:: bash
|
|
|
|
composer require symfony/security-csrf
|
|
|
|
Usage
|
|
-----
|
|
|
|
When the CSRF Service Provider is registered, all forms created via the Form
|
|
Service Provider are protected against CSRF by default.
|
|
|
|
You can also use the CSRF protection even without using the Symfony Form
|
|
component. If, for example, you're doing a DELETE action, you can check the
|
|
CSRF token::
|
|
|
|
use Symfony\Component\Security\Csrf\CsrfToken;
|
|
|
|
$app['csrf.token_manager']->isTokenValid(new CsrfToken('token_id', 'TOKEN'));
|