minor #8003 adding note that CSRF protection has to be enabled in config (JensPliester, javiereguiluz)

xabbuh · xabbuh · commit 4da5615b84c1 · 2017-07-11T19:26:26.000+02:00
This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes #8003). Discussion ---------- adding note that CSRF protection has to be enabled in config This issue should be mentioned in the guide. If CSRF Protection is disabled, Symfony won't find the CSRF-Token manager, implicating a missing package. But all was needed was setting csrf_protection to true in config.yml. Commits ------- 17fdd2e Reworded the help note b948747 adding note that CSRF protection has to be enabled in config
diff --git a/security/csrf_in_login_form.rst b/security/csrf_in_login_form.rst
@@ -16,9 +16,18 @@ for CSRF. In this article you'll learn how you can use it in your login form.
 Configuring CSRF Protection
 ---------------------------
 
-First, configure the Security component so it can use CSRF protection.
-The Security component needs a CSRF token provider. You can set this to use the default
-provider available in the Security component:
+First, make sure that the CSRF protection is enabled in the main cofiguration
+file:
+
+.. code-block:: yaml
+
+    # app/config/config.yml
+    framework:
+        # ...
+        csrf_protection: ~
+
+Then, the security component needs a CSRF token provider. You can set this to
+use the default provider available in the security component:
 
 .. configuration-block::
 
