Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface
Marks classes able to provide CSRF protection
You can generate a CSRF token by using the method generateCsrfToken(). To
this method you should pass a value that is unique to the page that should
be secured against CSRF attacks. This value doesn't necessarily have to be
secret. Implementations of this interface are responsible for adding more
secret information.
If you want to secure a form submission against CSRF attacks, you could
supply an "intention" string. This way you make sure that the form can only
be submitted to pages that are designed to handle the form, that is, that use
the same intention string to validate the CSRF token with isCsrfTokenValid().
- Author: Bernhard Schussek <bschussek@gmail.com>
Synopsis
interface CsrfProviderInterface
{
- // methods
- public void generateCsrfToken()
- public Boolean isCsrfTokenValid()
Methods
public
- generateCsrfToken() — Generates a CSRF token for a page of your application.
- isCsrfTokenValid() — Validates a CSRF token.