Closed
Description
POST-only actions such as delete actions are likely to use this kind of code:

```php
if (!$this->isCsrfTokenValid('delete_example', $request->request->getString('_token'))) {
    throw new BadRequestHttpException('This token is invalid');
}
```
What about introducing a new `IsCsrfTokenValid` attribute that takes the id and optionally the token key, to avoid repeating the `if` check?
If accepted I can try a PR during the Hackday 🙂
Example
```php
#[IsCsrfTokenValid('delete_example')]
public function deleteAction(): Response
{
    // ...
}
```
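One way the proposed attribute could be enforced before the controller runs, added here as an illustration and not taken from the issue or from Symfony's code base. The `App\Security` namespace and both classes are hypothetical, and the sketch assumes a Symfony version that provides `ControllerArgumentsEvent::getAttributes()` and `getString()`:

```php
<?php
// Added sketch, not Symfony's code: both classes are hypothetical and are
// shown in one file for brevity (assumed namespace App\Security).
namespace App\Security;

use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
use Symfony\Component\HttpKernel\Event\ControllerArgumentsEvent;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;

#[\Attribute(\Attribute::TARGET_METHOD | \Attribute::TARGET_CLASS)]
final class IsCsrfTokenValid
{
    public function __construct(
        public readonly string $id,                   // token id, e.g. 'delete_example'
        public readonly string $tokenKey = '_token',  // POST field carrying the token
    ) {
    }
}

#[AsEventListener(event: 'kernel.controller_arguments')]
final class IsCsrfTokenValidListener
{
    public function __construct(
        private readonly CsrfTokenManagerInterface $csrfTokenManager,
    ) {
    }

    public function __invoke(ControllerArgumentsEvent $event): void
    {
        // Attributes found on the controller class and method, grouped by class name.
        $attributes = $event->getAttributes()[IsCsrfTokenValid::class] ?? [];
        $request = $event->getRequest();

        foreach ($attributes as $attribute) {
            // Read from the POST body only, so a token placed in the query string
            // is ignored. getString() returns '' when the field is missing, and an
            // empty value fails validation like any other wrong token.
            $value = $request->request->getString($attribute->tokenKey);

            if (!$this->csrfTokenManager->isTokenValid(new CsrfToken($attribute->id, $value))) {
                throw new BadRequestHttpException('This token is invalid');
            }
        }
    }
}
```

Because the check runs in a listener, an action that carries the attribute fails closed with a 400 response before any of its code executes, which removes the risk of a forgotten `if` in an individual delete action.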