From 4559b9cd2d4b9a6df618c0656e647f30321fb04d Mon Sep 17 00:00:00 2001
From: Maxime Doutreluingne <maxime.doutreluingne@gmail.com>
Date: Sat, 12 Nov 2022 11:24:37 +0100
Subject: [PATCH] [Security] Add form_only option

---
 reference/configuration/security.rst | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
index dda2c08e8e7..26081fa63bf 100644
--- a/reference/configuration/security.rst
+++ b/reference/configuration/security.rst
@@ -352,6 +352,19 @@ failure_path
 This is the route or path that the user is redirected to after a failed login attempt.
 It can be a relative/absolute URL or a Symfony route name.
 
+form_only
+............
+
+**type**: ``boolean`` **default**: ``false``
+
+By setting this option to ``true``, a content type check will be performed when the login form is submitted
+(i.e. the login form will be processed if it is the form data, so with a
+content type ``application/x-www-form-urlencoded``.
+
+.. versionadded:: 5.4
+
+    The ``form_only`` option was introduced in Symfony 5.4.
+
 use_forward
 ...........