author | Jeremy Mikola <jmikola@gmail.com> | 2011-12-30 00:08:04 -0500 |
---|---|---|
committer | Jeremy Mikola <jmikola@gmail.com> | 2012-02-14 19:03:51 -0500 |
commit | 0924bcd2ebc4ec0ad510aea6df4034bb2e716c03 (patch) | |
tree | b3a33dd65e5c9e834f41b892e98345e3088f4a7e /Core/Exception | |
parent | 5b01ebf19827e03e4f4a86efd3f69e4bb4be023a (diff) | |
[Security] Allow LogoutListener to validate CSRF tokens

This adds several new options to the logout listener, modeled after the form_login listener:

* csrf_parameter
* intention
* csrf_provider

The "csrf_parameter" and "intention" have default values if omitted. By default, "csrf_provider" is empty and CSRF validation is disabled in LogoutListener (preserving BC). If a service ID is given for "csrf_provider", CSRF validation will be enabled. Invalid tokens will result in an InvalidCsrfTokenException being thrown before any logout handlers are invoked.

Diffstat (limited to 'Core/Exception')
0 files changed, 0 insertions, 0 deletions
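
The behaviour the commit message describes (validation off while no provider is set, rejection before any logout handler runs) as an added, stand-alone PHP 8 sketch; it is not code from this commit or from Symfony. `SessionCsrfProvider`, `handleLogout`, the stand-in exception class, the default values and the provider being passed as an object rather than a service ID are all assumptions made for the illustration.

```php
<?php
// Added illustration: class and function names are hypothetical, not Symfony's.
final class InvalidCsrfTokenException extends RuntimeException {}

// One token per session and intention, so a token issued for another
// form cannot be replayed against the logout URL.
final class SessionCsrfProvider
{
    public function __construct(private string $secret, private string $sessionId) {}

    public function generate(string $intention): string
    {
        return hash_hmac('sha256', $intention . '|' . $this->sessionId, $this->secret);
    }

    public function isValid(string $intention, mixed $token): bool
    {
        // hash_equals compares in constant time.
        return is_string($token) && hash_equals($this->generate($intention), $token);
    }
}

// Option names follow the commit message; defaults here are assumed values.
function handleLogout(array $request, array $options, array $handlers): void
{
    $options += ['csrf_parameter' => '_csrf_token', 'intention' => 'logout', 'csrf_provider' => null];
    $provider = $options['csrf_provider'];
    if (null !== $provider) { // null keeps validation off
        $token = $request[$options['csrf_parameter']] ?? null;
        if (!$provider->isValid($options['intention'], $token)) {
            // Thrown before any handler runs, so a forged request changes no state.
            throw new InvalidCsrfTokenException('Invalid CSRF token.');
        }
    }
    foreach ($handlers as $handler) {
        $handler($request);
    }
}

// Constructed demo input.
$provider = new SessionCsrfProvider('constructed-secret', 'constructed-session-id');
$log = [];
$handlers = [function () use (&$log) { $log[] = 'handler ran'; }];
handleLogout(['_csrf_token' => $provider->generate('logout')], ['csrf_provider' => $provider], $handlers);
try {
    handleLogout(['_csrf_token' => 'forged'], ['csrf_provider' => $provider], $handlers);
} catch (InvalidCsrfTokenException $e) {
    $log[] = 'rejected: ' . $e->getMessage();
}
print_r($log);
```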