What about an IsCsrfTokenValid attribute? #52947

Closed
yguedidi opened this issue Dec 8, 2023 · 2 comments · Fixed by #52961

Comments

@yguedidi
Contributor

yguedidi commented Dec 8, 2023

Description

POST-only actions, like delete actions, are likely to use this kind of code:

```php
if (!$this->isCsrfTokenValid('delete_example', $request->request->getString('_token'))) {
    throw new BadRequestHttpException('This token is invalid');
}
```

What about introducing a new IsCsrfTokenValid attribute that takes the id and optionally the token key, to avoid repeating the if check?

If accepted, I can try a PR during the Hackday 🙂

Example

```php
#[IsCsrfTokenValid('delete_example')]
public function deleteAction(): Response
{
    // ...
}
```

@wouterj
Member

wouterj commented Dec 9, 2023

Hi @yguedidi! I think it looks interesting.

I guess this can work similar to how the #[IsGranted] attribute is implemented. Happy to help if you want some pointers (find the guy with the gray Symfony hoodie 😄)

@yguedidi
Contributor Author

yguedidi commented Dec 9, 2023

Thank you! On it!

@fabpot fabpot closed this as completed Dec 9, 2023
fabpot added a commit that referenced this issue Dec 9, 2023
…ttribute (yguedidi)

This PR was merged into the 7.1 branch.

Discussion
----------

[Security][SecurityBundle] Add `#[IsCsrfTokenValid]` attribute

| Q             | A
| ------------- | ---
| Branch?       | 7.1
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Issues        | Fix #52947
| License       | MIT

#SymfonyHackday

Commits
-------

a0e1d66 Add IsCsrfTokenValid attribute
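
The idea discussed in this thread, sketched as an added example (not code from the issue, the pull request, or Symfony itself): an attribute plus a listener, following the pointer to `#[IsGranted]`, which Symfony enforces from a `kernel.controller_arguments` listener. The `App\Security` namespace, the constructor parameters and the listener class are assumptions; it expects symfony/http-kernel 6.2 or later, symfony/security-csrf, and service autoconfiguration.

```php
<?php
// Added sketch, not Symfony's implementation. Namespace, constructor shape and
// listener name are assumptions; in an app each class gets its own file (PSR-4).
namespace App\Security;

use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
use Symfony\Component\HttpKernel\Event\ControllerArgumentsEvent;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;

#[\Attribute(\Attribute::TARGET_CLASS | \Attribute::TARGET_METHOD)]
final class IsCsrfTokenValid
{
    public function __construct(
        public readonly string $id,                   // token id, e.g. 'delete_example'
        public readonly string $tokenKey = '_token',  // POST field carrying the token
    ) {
    }
}

#[AsEventListener(event: KernelEvents::CONTROLLER_ARGUMENTS)]
final class IsCsrfTokenValidListener
{
    public function __construct(private readonly CsrfTokenManagerInterface $csrfTokenManager)
    {
    }

    // Runs after argument resolution and before the controller is called.
    public function __invoke(ControllerArgumentsEvent $event): void
    {
        $attributes = $event->getAttributes()[IsCsrfTokenValid::class] ?? [];
        $post = $event->getRequest()->request->all();

        foreach ($attributes as $attribute) {
            // Fail closed: a missing, empty or non-string field (e.g. _token[]=x)
            // is rejected instead of being passed on or silently skipped.
            $value = $post[$attribute->tokenKey] ?? null;
            $valid = \is_string($value) && '' !== $value
                && $this->csrfTokenManager->isTokenValid(new CsrfToken($attribute->id, $value));
            if (!$valid) {
                throw new BadRequestHttpException('This token is invalid');
            }
        }
    }
}
```

With such a listener registered, the controller from the issue carries only `#[IsCsrfTokenValid('delete_example')]`. The route should still be restricted to POST, since this sketch reads the token from the request body only.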