Search by Algolia
Back to symfony.com
50% discount in conference replays
2020 and 2021 events
In English, French, German, Polish and Spanish

How to Manually Validate a CSRF Token in a Controller

Edit this page

Warning: You are browsing the documentation for Symfony 2.7, which is no longer maintained.

Read the updated version of this page for Symfony 6.0 (the current stable version).

How to Manually Validate a CSRF Token in a Controller

Sometimes, you want to use CSRF protection in an action where you do not want to use the Symfony Form component. If, for example, you are implementing a DELETE action, you can use the isCsrfTokenValid() method to check the validity of a CSRF token:

1
2
3
4
5
6
public function deleteAction()
{
    if ($this->isCsrfTokenValid('token_id', $submittedToken)) {
        // ... do something, like deleting an object
    }
}

2.6

The isCsrfTokenValid() shortcut method was introduced in Symfony 2.6. It is equivalent to executing the following code:

1
2
3
4
use Symfony\Component\Security\Csrf\CsrfToken;

$this->get('security.csrf.token_manager')
    ->isTokenValid(new CsrfToken('token_id', 'TOKEN'));
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.
No stress: we've got you covered with our 116 automated quality checks of your code

No stress: we've got you covered with our 116 automated quality checks of your code

Measure & Improve Symfony Code Performance

Measure & Improve Symfony Code Performance

Peruse our complete Symfony & PHP solutions catalog for your web development needs.

Peruse our complete Symfony & PHP solutions catalog for your web development needs.