/** * Returns a CSRF token. * * Use this helper for CSRF protection without the overhead of creating a * form. * * <code> * echo $view['form']->csrfToken('rm_user_'.$user->getId()); * </code> * * Check the token in your action using the same intention. * * <code> * $csrfProvider = $this->get('security.csrf.token_generator'); * if (!$csrfProvider->isCsrfTokenValid('rm_user_'.$user->getId(), $token)) { * throw new \RuntimeException('CSRF attack detected.'); * } * </code> * * @param string $intention The intention of the protected action * * @return string A CSRF token * * @throws \BadMethodCallException When no CSRF provider was injected in the constructor. */ public function csrfToken($intention) { return $this->renderer->renderCsrfToken($intention); }
/** * Returns a CSRF token. * * Use this helper for CSRF protection without the overhead of creating a * form. * * <code> * echo $view['form']->csrfToken('rm_user_'.$user->getId()); * </code> * * Check the token in your action using the same CSRF token id. * * <code> * $csrfProvider = $this->get('security.csrf.token_generator'); * if (!$csrfProvider->isCsrfTokenValid('rm_user_'.$user->getId(), $token)) { * throw new \RuntimeException('CSRF attack detected.'); * } * </code> * * @param string $tokenId The CSRF token id of the protected action * * @return string A CSRF token * * @throws \BadMethodCallException When no CSRF provider was injected in the constructor. */ public function csrfToken($tokenId) { return $this->renderer->renderCsrfToken($tokenId); }