Thanks to visit codestin.com
Credit goes to github.com

Skip to content

What about an IsCsrfTokenValid attribute?Β #52947

New issue
New issue
Closed
#52961
Closed
What about an IsCsrfTokenValid attribute?#52947
#52961
Labels
FeatureSecurity
@yguedidi

Description

@yguedidi
yguedidi
opened on Dec 8, 2023

Description

POST only actions like delete actions are likely to use such kind of code:

if (!$this->isCsrfTokenValid('delete_example', $request->request->getString('_token'))) {
    throw new BadRequestHttpException('This token is invalid');
}

What about introducing a new IsCsrfTokenValid attribute that takes the id and optionally the token key to avoid repeating the if check.

If accepted I can try a PR during the Hackday πŸ™‚

Example

#[IsCsrfTokenValid('delete_example')]
public function deleteAction(): Response
{
    /// ...

Metadata

Metadata

Assignees

No one assigned

    Labels

    FeatureSecurity

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions