The CsrfServiceProvider provides a service for building forms in your application with the Symfony Form component.
use Silex\Provider\CsrfServiceProvider;

$app->register(new CsrfServiceProvider());
Note
Add Symfony's Security CSRF component as a dependency:
composer require symfony/security-csrf
When the CSRF Service Provider is registered, all forms created via the Form Service Provider are protected against CSRF by default.
You can also use the CSRF protection even without using the Symfony Form component. If, for example, you're doing a DELETE action, you can check the CSRF token:
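use Symfony\Component\Security\Csrf\CsrfToken;

// 'token_id' is the id the token was generated with; 'TOKEN' is the value submitted by the client.
$app['csrf.token_manager']->isTokenValid(new CsrfToken('token_id', 'TOKEN'));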
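
The DELETE check described above, shown end to end as an added example that is not part of the Silex documentation. The route paths, the `delete_item` token id and the `X-CSRF-Token` header name are assumptions chosen for illustration.

```php
<?php
// Added example. Route paths, the 'delete_item' token id and the
// X-CSRF-Token header name are assumptions, not Silex conventions.
require_once __DIR__.'/../vendor/autoload.php';

use Silex\Application;
use Silex\Provider\CsrfServiceProvider;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Csrf\CsrfToken;

$app = new Application();
$app->register(new CsrfServiceProvider());

// Issue a token tied to the user's session. The client reads it from this
// same-origin response and sends it back with the state-changing request.
$app->get('/items/{id}', function ($id) use ($app) {
    $token = $app['csrf.token_manager']->getToken('delete_item')->getValue();

    return $app->json(['id' => (int) $id, 'csrf_token' => $token]);
});

// Reject the DELETE unless the submitted value matches the stored token.
$app->delete('/items/{id}', function (Request $request, $id) use ($app) {
    // A missing header becomes an empty value, which never validates.
    $submitted = $request->headers->get('X-CSRF-Token', '');
    $token = new CsrfToken('delete_item', $submitted);

    if (!$app['csrf.token_manager']->isTokenValid($token)) {
        // abort() throws an HTTP exception, so nothing below runs.
        $app->abort(403, 'Invalid CSRF token.');
    }

    // Application-specific deletion goes here, after the check has passed.

    return $app->json(['deleted' => (int) $id]);
});

$app->run();
```

The token id passed to `getToken()` and to `new CsrfToken()` must be identical, otherwise `isTokenValid()` returns false even for a genuine request.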