Documented the logout CSRF options

Author: javiereguiluz

reference/configuration/security.rst

@@ -181,6 +181,31 @@ success_handler
 The service ID used for handling a successful logout. The service must implement
 :class:`Symfony\\Component\\Security\\Http\\Logout\\LogoutSuccessHandlerInterface`.
 
+.. _reference-security-logout-csrf:
+
+csrf_parameter
+~~~~~~~~~~~~~~
+
+**type**: ``string`` **default**: ``'_csrf_token'``
+
+The name of the parameter that stores the CSRF token value.
+
+csrf_token_generator
+~~~~~~~~~~~~~~~~~~~~
+
+**type**: ``string`` **default**: ``null``
+
+The ``id`` of the service used to generate the CSRF tokens. Symfony provides a
+default service whose ID is ``security.csrf.token_manager``.
+
+csrf_token_id
+~~~~~~~~~~~~~
+
+**type**: ``string`` **default**: ``'logout'``
+
+An arbitrary string used to generate the token value (and check its validity
+afterwards).
+
 .. _reference-security-ldap:
 
 LDAP functionality

security/csrf.rst

@@ -121,7 +121,8 @@ CSRF Protection in Login Forms
 ------------------------------
 
 See :doc:`/security/form_login_setup` for a login form that is protected from
-CSRF attacks.
+CSRF attacks. You can also configure the
+:ref:`CSRF protection for the logout action <reference-security-logout-csrf>`.
 
 .. _csrf-protection-in-html-forms: