4 Symfony csrf_token()?

In Symphony 4 threw out the possibility of a separate use csrf_toke() function, and removed the test of each post request to a presence of the token. All this is built into their package form builder. There is a token, then during validation they do it there like that validinput. I need to display has been custom, to build the form, to display the token, and validate it too, do not understand how.

Your method of CSRF have done so: https://github.com/symfony/symfony/pull/25197/comm...

That is:
{{ csrf_token('authenticate') }} // here is another token

<form action="{{ path('registration.user') }}">
 <input type="text" name="email" placeholder="Email">
 <input type="hidden" name="csrf_token" value="{{ csrf_token(") }}">
 <button type="submit">
 Register Me
</button>
</form>

//Controller

 public function registerNewUser(Request $request)
{
// get key and necessary as it validates


Please tell me how to providerbut token, and how to, put the right token in the way?
Because based on the code, we pass a random string in there now, and what if it be validated?
June 10th 19 at 14:28
1 answer
June 10th 19 at 14:30
Solution
In Symphony 4 threw out the possibility of a separate use csrf_toke() function, and removed the test of each post request to a presence of the token.

There has never been such a test.

Function csrf_token() and isCsrfTokenValid() - only the shortcuts to work with CsrfTokenManager.
To demonstrate, I wrote a small example on flex to get it clear: RegistrationController.

On the differences from Larabel. In Symfony each token has an ID of: 'registration', 'authenctication' etc (it is also called intention - appointment). You can always use the same identifier, e.g. 'default'.
1 - they left the function to render a csrf_token
https://github.com/symfony/symfony-docs/issues/8816
2 - why every token your id?
3 - if the token is empty? csrf_token("), it generiruet token, and verify you can do sort of the same. Will it affect that in addition to readability?
4 - Why return the token to the view?
return $this->render('registration/register.html.twig', [
 'csrf_token' => $token,
- jaycee commented on June 10th 19 at 14:33
Why every token your id?


Well, if a few tokens, they need to distinguish. Right?

if there is an empty token? csrf_token("), it generiruet token, and verify you can do sort of the same. Will it affect that in addition to readability?


This is not an empty token is the token ID is an empty string. I would use: csrf_token('default').

Why return the token to the view?


It must be in the form of a display. View template code, there is not used the function csrf_token(). - Darien46 commented on June 10th 19 at 14:36
all understood, thanks. - jaycee commented on June 10th 19 at 14:39

Find more questions by tags Symfony