minor #21575 [Form] fix default CSRF token input name (xabbuh)

javiereguiluz · javiereguiluz · commit d8d31e6546f4 · 2025-11-13T17:11:19.000+01:00
This PR was merged into the 6.4 branch. Discussion ---------- [Form] fix default CSRF token input name Commits ------- b760a01 fix default CSRF token input name
diff --git a/security/csrf.rst b/security/csrf.rst
@@ -112,7 +112,7 @@ to do anything to be protected against CSRF attacks.
 
 .. _form-csrf-customization:
 
-By default Symfony adds the CSRF token in a hidden field called ``_csrf_token``, but
+By default Symfony adds the CSRF token in a hidden field called ``_token``, but
 this can be customized (1) globally for all forms and (2) on a form-by-form basis.
 Globally, you can configure it under the ``framework.form`` option:
 
@@ -180,7 +180,7 @@ method of each form::
                 // enable/disable CSRF protection for this form
                 'csrf_protection' => true,
                 // the name of the hidden HTML field that stores the token
-                'csrf_field_name' => '_token',
+                'csrf_field_name' => 'custom_token_name',
                 // an arbitrary string used to generate the value of the token
                 // using a different string for each form improves its security
                 'csrf_token_id'   => 'task_item',
