From b760a012664b77c1e435519cd1f29326a0093357 Mon Sep 17 00:00:00 2001
From: Christian Flothmann
Date: Thu, 13 Nov 2025 11:15:31 +0100
Subject: [PATCH] fix default CSRF token input name

---
 security/csrf.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/csrf.rst b/security/csrf.rst
index 2902ab27d61..73aa267b440 100644
--- a/security/csrf.rst
+++ b/security/csrf.rst
@@ -112,7 +112,7 @@ to do anything to be protected against CSRF attacks.
 
 .. _form-csrf-customization:
 
-By default Symfony adds the CSRF token in a hidden field called ``_csrf_token``, but
+By default Symfony adds the CSRF token in a hidden field called ``_token``, but
 this can be customized (1) globally for all forms and (2) on a form-by-form basis.
 Globally, you can configure it under the ``framework.form`` option:
 
@@ -180,7 +180,7 @@ method of each form::
  // enable/disable CSRF protection for this form
  'csrf_protection' => true,
  // the name of the hidden HTML field that stores the token
- 'csrf_field_name' => '_token',
+ 'csrf_field_name' => 'custom_token_name',
  // an arbitrary string used to generate the value of the token
  // using a different string for each form improves its security
  'csrf_token_id' => 'task_item',