PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

Henrik Bjørnskov's Blog: Symfony2: Add Cross Site Request Forgery protection to login forms

Note: This article was originally published at PHPDeveloper on 31 December 2011.
PHPDeveloper

In a new post to his blog Henrik Bjørnskov has a tip on preventing cross-site request forgeries in your Symfony2 forms with the help of a simple Symfony2 configuration setting.

When talking with @jmikola on #Symfony-dev this afternoon we got into the subject of cross site request forgery and symfony2 login forms. And it seems that form-login already supports this but neither of us knew how it worked. So here is another quick tip. This time about securing you login form from cross site attacks.

The key is to define a "csrf_provider" in your security.yml config file and point it to the "form.csrf_provider" provider. He also includes the controller and view code/templating you'll need to get the token included in the form (and validated).