Description

POST only actions like delete actions are likely to use such kind of code:

if (!$this->isCsrfTokenValid('delete_example', $request->request->getString('_token'))) {
    throw new BadRequestHttpException('This token is invalid');
}

What about introducing a new IsCsrfTokenValid attribute that takes the id and optionally the token key to avoid repeating the if check.

If accepted I can try a PR during the Hackday 🙂

Example

#[IsCsrfTokenValid('delete_example')]
public function deleteAction(): Response
{
    /// ...