symfony-docs icon indicating copy to clipboard operation
symfony-docs copied to clipboard
verified publisher icon symfony

Enhance CSRF documentation with OWASP best practices and guidelines

Open Spomky opened this issue 2 months ago • 0 comments

ping @javiereguiluz

As you mentioned, Symfony Forms add CSRF tokens by default, including for forms using the GET method. This change clarifies that this practice is not recommended and points users to the section explaining how to disable CSRF protection.

Spomky avatar Dec 12 '25 12:12 Spomky