CSRF¶
The CsrfServiceProvider provides a service for building forms in your application with the Symfony Form component.
Parameters¶
- csrf.session_namespace (optional): The namespace under which the token
is stored in the session. Defaults to
_csrf.
Services¶
- csrf.token_manager: An instance of an implementation of the CsrfTokenManagerInterface,
Registering¶
use Mascot\Provider\CsrfServiceProvider;
$app->register(new CsrfServiceProvider());
Note
Add the Symfony’s Security CSRF Component as a dependency:
composer require symfony/security-csrf
Usage¶
When the CSRF Service Provider is registered, all forms created via the Form Service Provider are protected against CSRF by default.
You can also use the CSRF protection without using the Symfony Form component. If, for example, you’re doing a DELETE action, create a CSRF token to use in your code:
use Symfony\Component\Security\Csrf\CsrfToken;
$csrfToken = $app['csrf.token_manager']->getToken('token_id'); //'TOKEN'
Then check it:
$app['csrf.token_manager']->isTokenValid(new CsrfToken('token_id', 'TOKEN'));