From aa5a20cbbb5ace4eb11dd4277b0e63891ec52280 Mon Sep 17 00:00:00 2001
From: Antoine M <amakdessi@me.com>
Date: Mon, 18 Aug 2025 09:55:50 +0200
Subject: [PATCH] Update security.rst

---
 security.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/security.rst b/security.rst
index bc394fd95b8..c1cba6db2c2 100644
--- a/security.rst
+++ b/security.rst
@@ -1019,6 +1019,12 @@ After this, you have protected your login form against CSRF attacks.
     the token ID by setting  ``csrf_token_id`` in your configuration. See
     :ref:`reference-security-firewall-form-login` for more details.
 
+.. tip::
+
+    the ``data-controller`` part is related to the usage of
+    https://symfony.com/doc/current/security/csrf.html#generating-csrf-token-using-javascript
+    It can be removed if you use statefull session storage, not stateless.
+
 .. _security-json-login:
 
 JSON Login