[cookbook/csrf_in_login_form] Confusion around csrf_token_generator and csrf_provider for form_login

[gbalcewicz]

In the docs for 2.7 under the form_login is csrf_token_generator. In docs for 2.8 there is a note that csrf_token_generator was introduced in 2.4. In docs for 2.6 there is csrf_provider.

When using csrf_token_generator in symfony 2.7 we are getting exception:

InvalidConfigurationException in ArrayNode.php line 309: Unrecognized option "csrf_token_generator" under "security.firewalls.main.form_login"

Moreover in the docs for FosUserBundle there is a comment in yml

# if you are using Symfony < 2.8, use the following config instead:
# csrf_provider: form.csrf_provider

It confuses a lot. I assume that csrf_token_generator was introduced in 2.8. Is that right?

[xabbuh]

You are right. For the Form component, the new options have been introduced in Symfony 2.4. The same applies for the csrf_token_generator and csrf_token_id options under the logout section for firewalls (see symfony/symfony#9587). However, for the form login this has only be done in Symfony 2.8 (see symfony/symfony#16704).

This means that we must partly revert the changes from #6152 and add them back after merging the reverted changes up to the 2.8 branch.

[xabbuh]

see #6207

[xabbuh]

The wrong changes have been revert in #6207 and I have added them back again in 372704b after merging things up to the 2.8 branch. Thank you for reporting this @gbalcewicz!