Symfony 6 Certification New exam with updated questions 100% online Show your expertise

How to Manually Validate a CSRF Token in a Controller

Version: 3.4

Maintained versions
- 4.4
- 5.4
- 6.0 current
- 6.1 dev
Unmaintained versions
- 2.7
- 2.8
- 3.0
- 3.1
- 3.2
- 3.3
- 3.4
- 4.0
- 4.1
- 4.2
- 4.3
- 5.0
- 5.1
- 5.2
- 5.3

Warning: You are browsing the documentation for version 3.4 which is not maintained anymore.

If some of your projects are still using this version, consider upgrading.

How to Manually Validate a CSRF Token in a Controller

Sometimes, you want to use CSRF protection in an action where you do not want to use the Symfony Form component. If, for example, you are implementing a DELETE action, you can use the isCsrfTokenValid() method to check the validity of a CSRF token:

        1
2
3
4
5
6
7
8
        use Symfony\Component\HttpFoundation\Request;

public function deleteAction(Request $request)
{
    if ($this->isCsrfTokenValid('token_id', $request->request->get('token_param'))) {
        // ... do something, like deleting an object
    }
}
    

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.

Menu

How to Manually Validate a CSRF Token in a Controller

How to Manually Validate a CSRF Token in a Controller

Deployed on