@@ -440,7 +440,7 @@ If you want to redirect the user to another page, use the ``redirectToRoute()``
|
440 | 440 | }
|
441 | 441 |
|
442 | 442 | .. versionadded:: 2.6
|
443 |
| -The ``redirectToRoute()`` method was added in Symfony 2.6. Previously (and still now), you |
| 443 | +The ``redirectToRoute()`` method was introduced in Symfony 2.6. Previously (and still now), you |
444 | 444 | could use ``redirect()`` and ``generateUrl()`` together for this (see the example above).
|
445 | 445 |
|
446 | 446 | Or, if you want to redirect externally, just use ``redirect()`` and pass it the URL::
|
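Review bot: the reworded sentence at new line 443 is now noticeably longer than the lines around it, so it should be re-wrapped together with line 444 rather than left as a single long line. While this sentence is being touched, "Previously (and still now)" reads awkwardly; something like "You can still use ``redirect()`` and ``generateUrl()`` together for this" says the same thing more directly.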
@@ -803,6 +803,28 @@ Just like when creating a controller for a route, the order of the arguments of
|
803 | 803 | order of the arguments, Symfony will still pass the correct value to each
|
804 | 804 | variable.
|
805 | 805 |
|
| 806 | +Validating a CSRF Token |
| 807 | +----------------------- |
| 808 | + |
| 809 | +Sometimes you want to use CSRF protection in an action where you don't want to use the |
| 810 | +Symfony Form component. |
| 811 | + |
| 812 | +If, for example, you're doing a DELETE action, you can use the |
| 813 | +:method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` |
| 814 | +method to check the CSRF token:: |
| 815 | + |
| 816 | +if ($this->isCsrfTokenValid('token_id', $submittedToken)) { |
| 817 | +// ... do something, like deleting an object |
| 818 | +} |
| 819 | + |
| 820 | +.. versionadded:: 2.6 |
| 821 | +The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6. |
| 822 | +It is equivalent to executing the following code:: |
| 823 | + |
| 824 | +use Symfony\Component\Security\Csrf\CsrfToken; |
| 825 | + |
| 826 | +$this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('token_id', 'TOKEN')); |
| 827 | + |
806 | 828 | Final Thoughts
|
807 | 829 | --------------
|
808 | 830 |
|
|
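Review bot: the "equivalent" call at new line 826 passes the literal 'TOKEN' as the token value, while the shortcut at line 816 takes $submittedToken, so the two snippets do not visibly do the same thing. A reader copying line 826 would compare against a fixed string instead of the submitted value. Suggest using the same variable in both, i.e. new CsrfToken('token_id', $submittedToken). Two related gaps in the same section: $submittedToken is never defined, so the example at 816 should show it being read from the request, and mention that the token must have been generated with the same 'token_id' for the check to pass. The example also covers only the valid branch; since this is security documentation, it would help to show or at least state that the action must not proceed when isCsrfTokenValid() returns false.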