@thibaut-decherit
Last active May 11, 2024 10:15
Symfony - Logout with CSRF protection

URL version (GET)

config/packages/security.yaml

security:
  firewalls:
    main:
      logout:
        path: logout
        csrf_parameter: token
        csrf_token_generator: security.csrf.token_manager

example.html.twig

<a href="{{ path('logout', {'token' : csrf_token('logout')}) }}">Logout</a>

Button version (POST)

config/packages/security.yaml

security:
  firewalls:
    main:
      logout:
        path: logout
        csrf_token_generator: security.csrf.token_manager

example.html.twig

<form action="{{ path('logout') }}" method="post" id="form-button-logout">
    <input type="hidden" name="_csrf_token" value="{{ csrf_token('logout') }}" id="csrf-token"/>
    <input
            class="btn btn-danger border-0 rounded-0 text-white" type="submit" id="_submit"
            name="_submit"
            value="Logout"
    />
</form>