From 3b22b8f6bac43e5e929ac0acf81b52dd935e3d67 Mon Sep 17 00:00:00 2001 From: Jens Pliester Date: Tue, 6 Jun 2017 10:54:07 +0200 Subject: [PATCH 1/2] adding note that CSRF protection has to be enabled in config This issue should be mentioned in the guide. If CSRF Protection is disabled, Symfony won't find the CSRF-Token manager, implicating a missing package. But all was needed was setting csrf_protection to true in config.yml. --- security/csrf_in_login_form.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/security/csrf_in_login_form.rst b/security/csrf_in_login_form.rst index aa7f55ef0b9..7f61319ad7a 100644 --- a/security/csrf_in_login_form.rst +++ b/security/csrf_in_login_form.rst @@ -74,6 +74,7 @@ provider available in the Security component: The Security component can be configured further, but this is all information it needs to be able to use CSRF in the login form. +Note: Make sure that CSRF Protection is enabled in ``config.yml``. Rendering the CSRF field ------------------------ From f8f30e8c50db2a22d148294d56648e384a614d4e Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Sun, 9 Jul 2017 13:30:35 +0200 Subject: [PATCH 2/2] Reworded the help note --- security/csrf_in_login_form.rst | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/security/csrf_in_login_form.rst b/security/csrf_in_login_form.rst index 7f61319ad7a..372b2dc5148 100644 --- a/security/csrf_in_login_form.rst +++ b/security/csrf_in_login_form.rst 
@@ -16,9 +16,18 @@ for CSRF. In this article you'll learn how you can use it in your login form. Configuring CSRF Protection --------------------------- -First, configure the Security component so it can use CSRF protection. -The Security component needs a CSRF token provider. You can set this to use the default -provider available in the Security component: +First, make sure that the CSRF protection is enabled in the main cofiguration +file: + +.. code-block:: yaml + + # app/config/config.yml + framework: + # ... + csrf_protection: ~ + +Then, the security component needs a CSRF token provider. You can set this to +use the default provider available in the security component: .. configuration-block:: @@ -74,7 +83,6 @@ provider available in the Security component: The Security component can be configured further, but this is all information it needs to be able to use CSRF in the login form. -Note: Make sure that CSRF Protection is enabled in ``config.yml``. Rendering the CSRF field ------------------------
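Review bot: In [PATCH 1/2], hunk `@@ -74,6 +74,7 @@`, the added sentence never names the option the reader has to change. The commit message says the fix was "setting csrf_protection to true in config.yml", but the doc line only says "CSRF Protection is enabled in ``config.yml``". Suggest naming the ``csrf_protection`` key under ``framework`` and mentioning the symptom from the commit message (the CSRF token manager not being found), so that readers who hit that error can match it to this step. The line also opens with a literal "Note:" rather than a ``.. note::`` directive. Set off with blank lines, a directive would render as a callout instead of as ordinary paragraph text.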
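Review bot: In [PATCH 2/2], hunk `@@ -16,9 +16,18 @@`, the first added line has a typo: "cofiguration" should be "configuration". The example also sets `csrf_protection: ~`, while the commit message of 1/2 describes the fix as setting the option to true. A short comment in the YAML, or half a sentence in the text, saying that `~` enables the feature with its default settings would stop readers from wondering whether the null value is enough. Two style points: the rewritten paragraph uses lowercase "security component" while the unchanged context in the next hunk still says "The Security component", so pick one, and the new snippet uses `.. code-block:: yaml` where the block right after it is a `.. configuration-block::`, so consider offering the same set of formats for both steps.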