Amsterdam Nov. 21-23, 2019
Lille (France) March 1, 2019
Paris (France) March 28-29, 2019
Tunis (Tunisia) April 27, 2019
São Paulo (Brazil) May 16-17, 2019
Warszawa (Poland) June 13-14, 2019
London (UK) Sep. 13, 2019
Berlin (Germany) Sep. 24-27, 2019
  1. Home
  2. Documentation
  3. Controller
  4. How to Manually Validate a CSRF Token in a Controller
WARNING: You are browsing the documentation for Symfony 2.7 which is not maintained anymore. Consider upgrading your projects to Symfony 4.3.

How to Manually Validate a CSRF Token in a Controller

2.7 version
Maintained
3.4
Unmaintained
2.8 3.0 3.1 3.2 3.3

How to Manually Validate a CSRF Token in a Controller

Sometimes, you want to use CSRF protection in an action where you do not want to use the Symfony Form component. If, for example, you are implementing a DELETE action, you can use the isCsrfTokenValid() method to check the validity of a CSRF token:

1
2
3
4
5
6
public function deleteAction()
{
    if ($this->isCsrfTokenValid('token_id', $submittedToken)) {
        // ... do something, like deleting an object
    }
}

New in version 2.6: The isCsrfTokenValid() shortcut method was introduced in Symfony 2.6. It is equivalent to executing the following code:

1
2
3
4
use Symfony\Component\Security\Csrf\CsrfToken;

$this->get('security.csrf.token_manager')
    ->isTokenValid(new CsrfToken('token_id', 'TOKEN'));

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.