Merge pull request #56 from davidfuhr/security-doc

[Doc] Add doc for csrf_token modifier
noiselabs · May 7, 2016 · 34e6e6e · 34e6e6e
2 parents b23833d + 2ae1e2c
commit 34e6e6e
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/Resources/doc/extensions.rst b/Resources/doc/extensions.rst
@@ -191,6 +191,15 @@ that method is invented for this example).
 
 For more details on expressions and security, see the section `Complex Access Controls with Expressions <http://symfony.com/doc/current/book/security.html#book-security-expressions>`_ in the Symfony book.
 
+Using CSRF Protection in the Login Form
+---------------------------------------
+
+The security extension also adds a modifer to support CSRF Protection in login forms. Please read `Using CSRF Protection in the Login Form <http://symfony.com/doc/current/cookbook/security/csrf_in_login_form.html>`_ from the Symfony Documentation for general CSRF Protection setup. The template for rendering should look like this:
+
+.. code-block:: html+smarty
+
+    <input type="hidden" name="_csrf_token" value="{'authenticate'|csrf_token}">
+
 Enabling custom Extensions
 ==========================