Skip to content

Commit ef5d786

Browse files
committed
Reword
1 parent b620429 commit ef5d786

File tree

2 files changed

+8
-4
lines changed

2 files changed

+8
-4
lines changed

reference/configuration/security.rst

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -353,13 +353,15 @@ This is the route or path that the user is redirected to after a failed login at
353353
It can be a relative/absolute URL or a Symfony route name.
354354

355355
form_only
356-
............
356+
.........
357357

358358
**type**: ``boolean`` **default**: ``false``
359359

360-
By setting this option to ``true``, a content type check will be performed when the login form is submitted
361-
(i.e. the login form will be processed if it is the form data, so with a
362-
content type ``application/x-www-form-urlencoded``.
360+
Set this option to ``true`` to require that the login data is sent using a form
361+
(it checks that the request content-type is ``application/x-www-form-urlencoded``).
362+
This is useful for example to prevent the :ref:`form login authenticator <security-form-login>`
363+
from responding to requests that should be handled by the
364+
:ref:`JSON login authenticator <security-json-login>`.
363365

364366
.. versionadded:: 5.4
365367

security.rst

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -957,6 +957,8 @@ After this, you have protected your login form against CSRF attacks.
957957
the token ID by setting ``csrf_token_id`` in your configuration. See
958958
:ref:`reference-security-firewall-form-login` for more details.
959959

960+
.. _security-json-login:
961+
960962
JSON Login
961963
~~~~~~~~~~
962964

0 commit comments

Comments
 (0)