The PHP micro-framework
based on the Symfony Components

Silex is in maintenance mode. End of life is set for June 2018.
Use Symfony 4 instead. Read more on Symfony's blog.
You are reading the documentation for Silex 2.0. Switch to the documentation for Silex 1.3.

License

Creative Commons License Silex documentation is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.

CSRF

The CsrfServiceProvider provides a service for generating and validating CSRF tokens, which protects the forms you build in your application with the Symfony Form component.

Parameters

  • csrf.session_namespace (optional): The namespace under which the token is stored in the session. Defaults to _csrf.

Services

Registering

use Silex\Provider\CsrfServiceProvider;

$app->register(new CsrfServiceProvider());

Note

Add Symfony's Security CSRF component as a dependency:

composer require symfony/security-csrf

Usage

When the CSRF Service Provider is registered, all forms created via the Form Service Provider are protected against CSRF by default.

You can also use the CSRF protection without using the Symfony Form component. If, for example, you're doing a DELETE action, create a CSRF token to use in your code:

use Symfony\Component\Security\Csrf\CsrfToken;

// Returns a CsrfToken object; $csrfToken->getValue() is the string ('TOKEN') to send with the request.
$csrfToken = $app['csrf.token_manager']->getToken('token_id');

Then check it:

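// Rebuild the token from its id and the submitted value, then compare it with the stored one.
$valid = $app['csrf.token_manager']->isTokenValid(new CsrfToken('token_id', 'TOKEN'));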
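
The DELETE case described above, end to end, as an added example that is not part of the Silex documentation. The route paths, the 'delete_post_' token id prefix and the '_token' field name are assumptions chosen for illustration.

```php
<?php
// Added example: paths, token id prefix and field name are hypothetical.
require __DIR__.'/vendor/autoload.php';

use Silex\Application;
use Silex\Provider\CsrfServiceProvider;
use Silex\Provider\SessionServiceProvider;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Csrf\CsrfToken;

// Let an HTML form send DELETE through a hidden _method field.
Request::enableHttpMethodParameterOverride();

$app = new Application();
$app->register(new SessionServiceProvider()); // tokens are kept in the session
$app->register(new CsrfServiceProvider());

// Render the confirmation form with a token bound to this specific post.
$app->get('/posts/{id}/delete', function ($id) use ($app) {
    $value = $app['csrf.token_manager']->getToken('delete_post_'.$id)->getValue();

    return sprintf(
        '<form method="post" action="/posts/%d">'.
        '<input type="hidden" name="_method" value="DELETE">'.
        '<input type="hidden" name="_token" value="%s">'.
        '<button>Delete</button></form>',
        $id,
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
})->assert('id', '\d+');

// Reject the request unless the submitted token matches the stored one.
$app->delete('/posts/{id}', function (Request $request, $id) use ($app) {
    $tokenId = 'delete_post_'.$id;
    $raw = $request->request->get('_token');
    $submitted = new CsrfToken($tokenId, is_string($raw) ? $raw : '');

    if (!$app['csrf.token_manager']->isTokenValid($submitted)) {
        $app->abort(403, 'Invalid CSRF token.');
    }
    $app['csrf.token_manager']->removeToken($tokenId); // make the token single use

    // ... delete the post here ...
    return 'Post '.(int) $id.' deleted.';
})->assert('id', '\d+');

$app->run();
```

Binding the token id to the post id means a token issued for one post cannot be replayed against another.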