minor #1312 Use logout_path() helper + add CSRF protection to logout (wouterj)
This PR was merged into the main branch.
Discussion
----------
Use logout_path() helper + add CSRF protection to logout
The login form already had CSRF protection, but logout didn't yet in this demo application. Generally, I think it's a good idea to add CSRF protection to logout. At the very least, it avoids annoying situations where a website can force users to log out from your service on each visit. But depending on the type of application, things can also get more serious and cause actual security issues when CSRF on logout isn't enabled.
Fortunately, CSRF protection on logout is quite easy using the `logout_path()` helper: it automatically knows the logout URL of the current firewall and it automatically adds the correct CSRF token to the URL. I think the logout path/url helpers are little-known gems in Symfony, so let's showcase them :)
Commits
-------
6fc7aeb Use logout_path() helper + add CSRF protection to logout
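
As an added illustration (not taken from this commit's diff), here is a firewall configuration and template link of the kind the message describes. The firewall name `main` and route name `app_logout` are assumptions, and the `enable_csrf` logout option assumes a Symfony version that provides it (6.2 or later).

```yaml
# config/packages/security.yaml (illustrative; firewall and route names are assumed)
security:
    firewalls:
        main:
            logout:
                path: app_logout
                # Without this option, a cross-site request to the logout URL
                # ends the user's session. With it, logout requests that do
                # not carry a valid CSRF token are rejected.
                enable_csrf: true

# Template side (Twig), shown as comments because it lives in a different file:
#
#   Before: hard-coded route, no token in the URL, so the link stops
#   working once enable_csrf is turned on
#     <a href="{{ path('app_logout') }}">Logout</a>
#
#   After: logout_path() resolves the current firewall's logout URL and
#   adds the CSRF token to it
#     <a href="{{ logout_path() }}">Logout</a>
```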