[Security] Document CSRF protection for LogoutListener
This commit is contained in:
parent
97dc9c062f
commit
654beeec26
@ -103,6 +103,28 @@ To get the diff between two versions, go to https://github.com/symfony/symfony/c
|
||||
fired on authentication success/failure, regardless of authentication method,
|
||||
events are defined in new event class: `Symfony\Component\Security\Core\AuthenticationEvents`.
|
||||
|
||||
* Added optional CSRF protection to LogoutListener:
|
||||
|
||||
``` yaml
|
||||
security:
|
||||
firewalls:
|
||||
default:
|
||||
logout:
|
||||
path: /logout_path
|
||||
target: /
|
||||
csrf_parameter: _csrf_token # Optional (defaults to "_csrf_token")
|
||||
csrf_provider: form.csrf_provider # Required to enable protection
|
||||
intention: logout # Optional (defaults to "logout")
|
||||
```
|
||||
|
||||
If the LogoutListener has CSRF protection enabled but cannot validate a token,
|
||||
then a LogoutException will be thrown.
|
||||
|
||||
* Added `logout_url` templating helper and Twig extension, which may be used to
|
||||
generate logout URL's within templates. The security firewall's config key
|
||||
must be specified. If a firewall's logout listener has CSRF protection
|
||||
enabled, a token will be automatically added to the generated URL.
|
||||
|
||||
### SwiftmailerBundle
|
||||
|
||||
* This bundle has been moved to its own repository (https://github.com/symfony/SwiftmailerBundle)
|
||||
|
Reference in New Issue
Block a user