Commit f1ee7c6
minor #1312 Use logout_path() helper + add CSRF protection to logout (wouterj)
This PR was merged into the main branch.
Discussion
----------
Use logout_path() helper + add CSRF protection to logout
The login form already had CSRF protection, but logout didn't yet in this demo application. Generally, I think it's a good idea to add CSRF protection to logout. At the very least, it avoids annoying situations where a website can force users to log out from your service on each visit. But depending on the type of application, things can also get more serious and cause actual security issues when CSRF on logout isn't enabled.
Fortunately, CSRF protection on logout is quite easy using the `logout_path()` helper: it automatically knows the logout URL of the current firewall and it automatically adds the correct CSRF token to the URL. I think the logout path/url helpers are little-known gems in Symfony, so let's showcase them :)
Commits
-------
6fc7aeb Use logout_path() helper + add CSRF protection to logout

2 files changed, +5 -1 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
50 | 50 | | |
51 | 51 | | |
52 | 52 | | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
53 | 57 | | |
54 | 58 | | |
55 | 59 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
83 | 83 | | |
84 | 84 | | |
85 | 85 | | |
86 | | - | |
| 86 | + | |
87 | 87 | | |
88 | 88 | | |
89 | 89 | | |
| |||