How to Manually Validate a CSRF Token in a Controller
How to Manually Validate a CSRF Token in a ControllerΒΆ
Sometimes, you want to use CSRF protection in an action where you do not
want to use the Symfony Form component. If, for example, you are implementing
a DELETE action, you can use the isCsrfTokenValid()
method to check the validity of a CSRF token:
use Symfony\Component\HttpFoundation\Request;
public function deleteAction(Request $request)
{
if ($this->isCsrfTokenValid('token_id', $request->request->get('token_param'))) {
// ... do something, like deleting an object
}
}
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.