Use logout_path() helper + add CSRF protection to logout

wouterj · wouterj · commit 6fc7aeba38f0 · 2022-02-05T12:05:49.000+01:00
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -50,6 +50,10 @@ security:
                 # The name of the route to redirect to after logging out
                 target: homepage
 
+                # Secure the logout against CSRF
+                csrf_parameter: logout
+                csrf_token_generator: security.csrf.token_manager
+
             # needed because in tests we redefine the 'main' firewall to use
             # HTTP Basic instead of the login form, so this firewall has
             # multiple authenticators
diff --git a/templates/base.html.twig b/templates/base.html.twig
@@ -83,7 +83,7 @@
                                             </li>
                                             <li class="divider"></li>
                                             <li>
-                                                <a href="{{ path('security_logout') }}">
+                                                <a href="{{ logout_path() }}">
                                                     <i class="fa fa-sign-out" aria-hidden="true"></i> {{ 'menu.logout'|trans }}
                                                 </a>
                                             </li>
