-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Use IsCsrfTokenValid Attribute
#1564
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
not commenting for the PR changes but cant this redirect feature be implemented upstream ?
for ex a code with:
#[Route('/entity/{id}')]
public function show(Entity $entity): Response
returns a 404, can this attribute propose a way to return a specific response status code ?
I was going to merge this ... but I tested it again and now I'm not sure.
With the new code, when there's a CSRF token exception the user is redirected to the public blog index instead of the blog admin page. It's pretty confusing 😐
Yes, indeed. We have no control over this behavior.
There is a discussion about it in symfony/symfony#57343
This will allow the use of
IsCsrfTokenValidAttribute but we lose the redirection when the csrk token is not valid.What do you think?