SymfonyWorld Online 2021 Summer Edition
June 17 – 18, 2021
SymfonyWorld Online 2021 Winter Edition
December 9 – 10, 2021
  1. Home
  2. Documentation
  3. Controller
  4. How to Manually Validate a CSRF Token in a Controller

Warning: You are browsing the documentation for Symfony 3.4, which is no longer maintained.

Read the updated version of this page for Symfony 5.3 (the current stable version).

How to Manually Validate a CSRF Token in a Controller

3.4 version
Maintained
4.4 5.3 current 5.4 dev 6.0
Unmaintained
2.7 2.8 3.0 3.1 3.2 3.3 3.4 4.0 4.1 4.2 4.3 5.0 5.1 5.2

How to Manually Validate a CSRF Token in a ControllerΒΆ

Sometimes, you want to use CSRF protection in an action where you do not want to use the Symfony Form component. If, for example, you are implementing a DELETE action, you can use the isCsrfTokenValid() method to check the validity of a CSRF token:

use Symfony\Component\HttpFoundation\Request;

public function deleteAction(Request $request)
{
    if ($this->isCsrfTokenValid('token_id', $request->request->get('token_param'))) {
        // ... do something, like deleting an object
    }
}

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.