From 973166587ad4947800a905e35045e243be3bef7b Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Mon, 4 Dec 2017 10:41:45 +0100 Subject: [PATCH 1/2] The security component must be installed to use csrf_token() --- security/csrf_in_login_form.rst | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/security/csrf_in_login_form.rst b/security/csrf_in_login_form.rst index 3551c82764c..3e0e7ae62d7 100644 --- a/security/csrf_in_login_form.rst +++ b/security/csrf_in_login_form.rst @@ -16,8 +16,13 @@ for CSRF. In this article you'll learn how you can use it in your login form. Configuring CSRF Protection --------------------------- -First, make sure that the CSRF protection is enabled in the main configuration -file: +First, install the Security component in your project: + +.. code-block:: terminal + + $ composer require security + +Then, enable the CSRF protection in the framework configuration file: .. configuration-block:: @@ -52,8 +57,8 @@ file: 'csrf_protection' => null, )); -Then, the security component needs a CSRF token provider. You can set this to -use the default provider available in the security component: +The security component needs a CSRF token provider. You can set this to use the +default provider available in the security component: .. configuration-block:: From 78a9e73c7c01ab87ac8fc9a54fc55fc65b68236e Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Fri, 8 Dec 2017 17:22:13 +0100 Subject: [PATCH 2/2] Fixes after reviewers comments --- security/csrf_in_login_form.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/security/csrf_in_login_form.rst b/security/csrf_in_login_form.rst index 3e0e7ae62d7..6b29646f41d 100644 --- a/security/csrf_in_login_form.rst +++ b/security/csrf_in_login_form.rst @@ -16,11 +16,12 @@ for CSRF. In this article you'll learn how you can use it in your login form. Configuring CSRF Protection --------------------------- -First, install the Security component in your project: +First, install the CSRF support in your project (which in turn requires installing +the Symfony Form component): .. code-block:: terminal - $ composer require security + $ composer require security-csrf form Then, enable the CSRF protection in the framework configuration file: