minor #16344 Update Doc of csrf_protection configuration in framework level (arcanisgk)

javiereguiluz · javiereguiluz · commit 2160a0dc6159 · 2022-03-21T17:21:23.000+01:00
This PR was submitted for the 6.0 branch but it was squashed and merged into the 4.4 branch instead. Discussion ---------- Update Doc of csrf_protection configuration in framework level Update Doc of csrf_protection configuration in framework level, this configuration requires an example to clarify its implementation Commits ------- 9e59e57 Update Doc of csrf_protection configuration in framework level
diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst
@@ -358,6 +358,43 @@ If you're using forms, but want to avoid starting your session (e.g. using
 forms in an API-only website), ``csrf_protection`` will need to be set to
 ``false``.
 
+example:
+
+.. configuration-block::
+
+    .. code-block:: yaml
+    
+        # config/packages/framework.yaml
+        framework:
+            # ...
+            csrf_protection: true #can be true or false
+            
+    .. code-block:: xml
+    
+        <!-- config/packages/framework.xml -->
+        <?xml version="1.0" encoding="UTF-8" ?>
+        <container xmlns="http://symfony.com/schema/dic/services"
+            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xmlns:framework="http://symfony.com/schema/dic/symfony"
+            xsi:schemaLocation="http://symfony.com/schema/dic/services
+                https://symfony.com/schema/dic/services/services-1.0.xsd
+                http://symfony.com/schema/dic/symfony
+                https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
+            <framework:config>
+                <framework:csrf-protection enabled="true"/>
+            </framework:config>
+        </container>
+        
+    .. code-block:: php
+    
+        // config/packages/framework.php
+        use Symfony\Config\FrameworkConfig;
+        return static function (FrameworkConfig $framework) {
+            $framework->csrfProtection()
+                ->enabled(true) #can be true or false
+            ;
+        };
+
 .. _config-framework-error_controller:
 
 error_controller
