diff --git a/security/csrf_in_login_form.rst b/security/csrf_in_login_form.rst
index aa7f55ef0b9..372b2dc5148 100644
--- a/security/csrf_in_login_form.rst
+++ b/security/csrf_in_login_form.rst
@@ -16,9 +16,18 @@ for CSRF. In this article you'll learn how you can use it in your login form.
 Configuring CSRF Protection
 ---------------------------
 
-First, configure the Security component so it can use CSRF protection.
-The Security component needs a CSRF token provider. You can set this to use the default
-provider available in the Security component:
+First, make sure that the CSRF protection is enabled in the main cofiguration
+file:
+
+.. code-block:: yaml
+
+    # app/config/config.yml
+    framework:
+        # ...
+        csrf_protection: ~
+
+Then, the security component needs a CSRF token provider. You can set this to
+use the default provider available in the security component:
 
 .. configuration-block::