CsrfProviderInterface deprecated

interface CsrfProviderInterface

^deprecated

since version 2.4, to be removed in 3.0. Use {@link \Symfony\Component\Security\Csrf\CsrfTokenManagerInterface} instead.

Marks classes able to provide CSRF protection.

You can generate a CSRF token by using the method generateCsrfToken(). To this method you should pass a value that is unique to the page that should be secured against CSRF attacks. This value doesn't necessarily have to be secret. Implementations of this interface are responsible for adding more secret information.

If you want to secure a form submission against CSRF attacks, you could supply an "intention" string. This way you make sure that the form can only be submitted to pages that are designed to handle the form, that is, that use the same intention string to validate the CSRF token with isCsrfTokenValid().

Methods

string	generateCsrfToken(string $intention) Generates a CSRF token for a page of your application.
bool	isCsrfTokenValid(string $intention, string $token) Validates a CSRF token.

Details

string generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

Parameters

string

$intention

Some value that identifies the action intention (i.e. "authenticate"). Doesn't have to be a secret value.

Return Value

string

The generated token

bool isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

Parameters

string	$intention	The intention used when generating the CSRF token
string	$token	The token supplied by the browser

Return Value

bool	Whether the token supplied by the browser is correct

Links:

http://api.symfony.com/master/Symfony/Component/Form/Extension/Csrf/CsrfProvider/CsrfProviderInterface.html

doc_Symfony

2016-10-28 06:12:39

Comments