Merge branch '6.1' into 6.2

javiereguiluz · javiereguiluz · commit 34ddba736833 · 2022-11-18T16:42:19.000+01:00
* 6.1:
  [Security] Add form_only option
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -256,6 +256,21 @@ failure_path
 This is the route or path that the user is redirected to after a failed login attempt.
 It can be a relative/absolute URL or a Symfony route name.
 
+form_only
+.........
+
+**type**: ``boolean`` **default**: ``false``
+
+Set this option to ``true`` to require that the login data is sent using a form
+(it checks that the request content-type is ``application/x-www-form-urlencoded``).
+This is useful for example to prevent the :ref:`form login authenticator <security-form-login>`
+from responding to requests that should be handled by the
+:ref:`JSON login authenticator <security-json-login>`.
+
+.. versionadded:: 5.4
+
+    The ``form_only`` option was introduced in Symfony 5.4.
+
 use_forward
 ...........
 
diff --git a/security.rst b/security.rst
@@ -959,6 +959,8 @@ After this, you have protected your login form against CSRF attacks.
     the token ID by setting  ``csrf_token_id`` in your configuration. See
     :ref:`reference-security-firewall-form-login` for more details.
 
+.. _security-json-login:
+
 JSON Login
 ~~~~~~~~~~
 
