diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/WebExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/WebExtension.php
index d4e1be5c31..9dd76d4606 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/WebExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/WebExtension.php
@@ -52,6 +52,12 @@ class WebExtension extends Extension
 $container->setParameter('debug.file_link_format', 'txmt://open?url=file://%%f&line=%%l');
 }
+ foreach (array('csrf_secret', 'csrf-secret') as $key) {
+ if (isset($config[$key])) {
+ $container->setParameter('csrf_secret', $config[$key]);
+ }
+ }
+
 if (isset($config['router'])) {
 if (!$container->hasDefinition('router')) {
 $loader->load($this->resources['routing']);
diff --git a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
index 5a23c7cf7d..274e7e4f92 100644
--- a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
+++ b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
@@ -3,6 +3,7 @@
 namespace Symfony\Bundle\FrameworkBundle;
 use Symfony\Framework\Bundle\Bundle;
+use Symfony\Component\Form\Form;
 /*
 * This file is part of the Symfony framework.
@@ -20,4 +21,14 @@ use Symfony\Framework\Bundle\Bundle;
 */
 class FrameworkBundle extends Bundle
 {
+ /**
+ * Boots the Bundle.
+ */
+ public function boot()
+ {
+ if ($secret = $this->container->getParameter('csrf_secret')) {
+ Form::setDefaultCsrfSecret($secret);
+ Form::enableDefaultCsrfProtection();
+ }
+ }
 }
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
index 83563e2d0f..f4caf0aebf 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
@@ -17,6 +17,7 @@ +
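Review bot: In WebExtension.php the new loop copies `$config[$key]` into the `csrf_secret` parameter without any check, so an empty string or a non-string value is accepted as the token-signing secret. A guard before `setParameter`, such as `if (!is_string($config[$key]) || '' === $config[$key]) { throw new \InvalidArgumentException('csrf_secret must be a non-empty string.'); }`, would surface the misconfiguration when the container is built. When both spellings are configured, `csrf-secret` silently overwrites `csrf_secret`; a `break;` after the first match or a comment stating the precedence would make that explicit. The enclosing method starts and ends outside the hunk.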
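Review bot: In FrameworkBundle::boot(), CSRF protection is enabled only when `csrf_secret` is truthy, so an application that omits the key or sets it to an empty value boots with form CSRF protection off and nothing reports it. The WebExtension change in this commit sets the parameter only when it is configured; unless a default is declared in a resource file not shown here, `getParameter('csrf_secret')` is called on an undefined parameter, which may raise instead of returning null, so wrapping the call in `if ($this->container->hasParameter('csrf_secret'))` is worth adding. The docblock could also state the contract, for example `Enables default CSRF protection on Form when the csrf_secret parameter is set.`, and mention that the method writes static, process-wide state on `Form`.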
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/php/config/config.php b/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/php/config/config.php
index 36adc2d7c1..0be2e62aa0 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/php/config/config.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/php/config/config.php
@@ -6,8 +6,9 @@ $container->loadFromExtension('kernel', 'config', array(
 ));
 $container->loadFromExtension('web', 'config', array(
- 'router' => array('resource' => '%kernel.root_dir%/config/routing.php'),
- 'validation' => array('enabled' => true, 'annotations' => true),
+ 'csrf-secret' => 'xxxxxxxxxx',
+ 'router' => array('resource' => '%kernel.root_dir%/config/routing.php'),
+ 'validation' => array('enabled' => true, 'annotations' => true),
 ));
 $container->loadFromExtension('web', 'templating', array(
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/xml/config/config.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/xml/config/config.xml
index e83311e3f7..72783a206b 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/xml/config/config.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/xml/config/config.xml
@@ -20,7 +20,7 @@ error_handler="null" /> - +
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/yml/config/config.yml b/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/yml/config/config.yml
index 9a4ac82717..1c7f129952 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/yml/config/config.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/skeleton/application/yml/config/config.yml
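Review bot: The skeleton config.php ships the literal `'csrf-secret' => 'xxxxxxxxxx'`, and the same placeholder is added in the config.yml hunk (`csrf_secret: xxxxxxxxxx`); the config.xml hunk probably carries it too, but its content is not readable on this page. Unless the application generator substitutes a random value, which is not visible in this diff, every generated application signs its CSRF tokens with the same publicly known secret, so the tokens give no real protection. Either generate the value at scaffolding time, or add a comment on the line such as `// replace with a long random value unique to this application` and have the extension refuse the placeholder.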
@@ -3,8 +3,9 @@ kernel.config:
 error_handler: null
 web.config:
- router: { resource: "%kernel.root_dir%/config/routing.yml" }
- validation: { enabled: true, annotations: true }
+ csrf_secret: xxxxxxxxxx
+ router: { resource: "%kernel.root_dir%/config/routing.yml" }
+ validation: { enabled: true, annotations: true }
 web.templating:
 escaping: htmlspecialchars
diff --git a/src/Symfony/Component/Form/Form.php b/src/Symfony/Component/Form/Form.php
index 6a9d04bf68..5e8adae00b 100644
--- a/src/Symfony/Component/Form/Form.php
+++ b/src/Symfony/Component/Form/Form.php
@@ -32,7 +32,7 @@ class Form extends FieldGroup
 {
 protected static $defaultCsrfSecret = null;
 protected static $defaultCsrfProtection = false;
- protected static $defaultCsrfFieldName = '_csrf_token';
+ protected static $defaultCsrfFieldName = '_token';
 protected static $defaultLocale = null;
 protected static $defaultTranslator = null;