a SensioLabs Product

The PHP micro-framework
based on the Symfony Components

You are reading the documentation for Silex 2.0. Switch to the documentation for Silex 1.3.

Questions & Feedback

License

Creative Commons License Silex documentation is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.

CSRF

The CsrfServiceProvider provides a service for building forms in your application with the Symfony Form component.

Parameters

  • none

Services

Registering

1
2
3
use Silex\Provider\CsrfServiceProvider;

$app->register(new CsrfServiceProvider());

Note

Add the Symfony's Security CSRF Component as a dependency:

1
composer require symfony/security-csrf

Usage

When the CSRF Service Provider is registered, all forms created via the Form Service Provider are protected against CSRF by default.

You can also use the CSRF protection without using the Symfony Form component. If, for example, you're doing a DELETE action, create a CSRF token to use in your code:

use Symfony\Component\Security\Csrf\CsrfToken;
$csrfToken = $app['csrf.token_manager']->getToken('token_id'); //'TOKEN'

Then check it:

$app['csrf.token_manager']->isTokenValid(new CsrfToken('token_id', 'TOKEN'));
Website powered by Symfony and Twig, deployed on
The Silex logo is © 2010-2017 SensioLabs