
[Security] Implement stateless headers/cookies-based CSRF protection

Open nicolas-grekas opened this issue 1 year ago • 1 comments

| Q | A |
| --- | --- |
| Feature PR | symfony/symfony#58095 |
| PR author(s) | @nicolas-grekas |
| Merged in | 7.2 |

We created this issue so we do not forget to document this new feature. We would really appreciate it if you could help us with this task. If you are not sure how to do it, please ask us and we will help you.

To fix this issue, please create a PR against the 7.2 branch in the symfony-docs repository.

Thank you! :smiley:

nicolas-grekas, Oct 08 '24 13:10

@nicolas-grekas if you have some time, please try to send a PR for this. I feel like this is important and you are the one who understands this best. Thanks!

javiereguiluz, Oct 14 '24 10:10

Friendly ping @nicolas-grekas

The release is out now, but we're still lacking the docs for this big change. Do you have any time, once the conference is over, to write this document? 🙏

wouterj, Nov 30 '24 10:11

It should be noted that the JS file needs to be included using the Stimulus bundle; otherwise, after the update, you'll get only error messages with something about an invalid CSRF-Token, without a hint why it is invalid. It took me a while to understand the changes, as I hadn't installed the Stimulus bundle.

chapterjason, Jan 24 '25 21:01