Symfony2注销CSRF保护:无法识别csrf_provider [英] Symfony2 logout CSRF protection: csrf_provider unrecognized
问题描述
如何保护注销操作?我阅读了默认配置,并设置了
How can I protect the logout action? I read default configuration, and set
logout:
csrf_parameter: _token
csrf_provider: ~
intention: logout
但是当我尝试清除缓存时,显示以下错误:
but when I'm trying to clear cache the following error displayed:
[Symfony \ Component \ Config \ Definition \ Exception \ InvalidConfigurationException] "security.firewalls.main.logout"下的无法识别的选项"csrf_provider"
[Symfony\Component\Config\Definition\Exception\InvalidConfigurationException] Unrecognized options "csrf_provider" under "security.firewalls.main.logout"
我正在使用Symfony 2.4 + FOSUserBundle 1.3.
I'm using Symfony 2.4 + FOSUserBundle 1.3.
推荐答案
我研究了Symfony的代码,发现现在csrf_provider
选项已重命名为csrf_token_generator
.然后我在google上搜索并在GitHub上找到了相关的问题.因此,在不同步的文档中出现了问题.
I've researched the Symfony's code and find that now csrf_provider
option renamed to csrf_token_generator
. Then I googled and found related issue on GitHub. So the problem in an unsynchronized documentation.
最终的解决方案是:
配置:
# app/config/security.yml
security:
# ...
firewalls:
# ...
your_firewall_name:
# ...
logout:
# ...
csrf_token_generator: your_csrf_provider # e.g. form.csrf_provider
树枝模板:
<a href="{{ logout_url('your_firewall_name') }}">Logout</a>
请注意,由于辅助程序错误,我们使用的是logout_url()
而不是logout_path()
(在开发环境中,它生成的绝对路径不带app_dev.php
后缀).这些小树枝助手将%token_parameter%
附加到您的注销URI中,例如http://example.com/app_dev.php/logout?_csrf_token=36wX6HYU2ASeZBQw_iwKcUDbplmFm4W7Ez-tMaavDNo
.
Note, that we're using logout_url()
instead of logout_path()
due to helper bug (it generates absolute path without app_dev.php
suffix in dev environment). Theese twig helpers appends %token_parameter%
to your logout URI, e.g. http://example.com/app_dev.php/logout?_csrf_token=36wX6HYU2ASeZBQw_iwKcUDbplmFm4W7Ez-tMaavDNo
.
希望此信息会有所帮助.
Hope this information will be helpful.
这篇关于Symfony2注销CSRF保护:无法识别csrf_provider的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!