SymfonyWorld Online 2021
Jun 17–18, 2021
SymfonyLive Online Spanish Edition 2021
May 7, 2021
SymfonyLive Online German Edition 2021
Apr 16, 2021
SymfonyLive Online French Edition 2021
Apr 9, 2021
SymfonyLive Online Polish Edition 2021
Mar 12, 2021
  1. Home
  2. Documentation
  3. Controller
  4. How to Manually Validate a CSRF Token in a Controller
WARNING:

You are browsing the documentation for Symfony 3.4 which is not maintained anymore.

Consider upgrading your projects to Symfony 5.2.

How to Manually Validate a CSRF Token in a Controller

3.4 version
Unmaintained
2.7 2.8 3.0 3.1 3.2 3.3 3.4

How to Manually Validate a CSRF Token in a Controller

Sometimes, you want to use CSRF protection in an action where you do not want to use the Symfony Form component. If, for example, you are implementing a DELETE action, you can use the isCsrfTokenValid() method to check the validity of a CSRF token:

use Symfony\Component\HttpFoundation\Request;

public function deleteAction(Request $request)
{
    if ($this->isCsrfTokenValid('token_id', $request->request->get('token_param'))) {
        // ... do something, like deleting an object
    }
}

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.