added a way to activate CSRF protection from the configuration
parent
0de1c08d8d
commit
226277fd0e
@ -52,6 +52,12 @@ class WebExtension extends Extension
|
||||
$container->setParameter('debug.file_link_format', 'txmt://open?url=file://%%f&line=%%l');
|
||||
}
|
||||
|
||||
foreach (array('csrf_secret', 'csrf-secret') as $key) {
|
||||
if (isset($config[$key])) {
|
||||
$container->setParameter('csrf_secret', $config[$key]);
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($config['router'])) {
|
||||
if (!$container->hasDefinition('router')) {
|
||||
$loader->load($this->resources['routing']);
|
||||
|
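Review bot: The new loop copies `$config[$key]` into the `csrf_secret` parameter with no validation, so an empty or non-string value is accepted. Since `isset('')` is true, a blank `csrf_secret` gets stored, and the truthiness check in `FrameworkBundle::boot()` then leaves CSRF protection off without any error. Rejecting such values at configuration time would make this fail closed, e.g. `if (!is_string($config[$key]) || '' === $config[$key]) { throw new \InvalidArgumentException('csrf_secret must be a non-empty string.'); }`. When both spellings are present the later one (`csrf-secret`) silently wins, which deserves a one-line comment. The enclosing method starts and ends outside this hunk.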
@ -3,6 +3,7 @@
|
||||
namespace Symfony\Bundle\FrameworkBundle;
|
||||
|
||||
use Symfony\Framework\Bundle\Bundle;
|
||||
use Symfony\Component\Form\Form;
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony framework.
|
||||
@ -20,4 +21,14 @@ use Symfony\Framework\Bundle\Bundle;
|
||||
*/
|
||||
class FrameworkBundle extends Bundle
|
||||
{
|
||||
/**
|
||||
* Boots the Bundle.
|
||||
*/
|
||||
public function boot()
|
||||
{
|
||||
if ($secret = $this->container->getParameter('csrf_secret')) {
|
||||
Form::setDefaultCsrfSecret($secret);
|
||||
Form::enableDefaultCsrfProtection();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
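Review bot: `boot()` calls `$this->container->getParameter('csrf_secret')` unconditionally, but the extension hunk in this commit only sets that parameter when the key is configured. Unless a default is defined in a resource not shown here, an application without the setting depends on how the container treats an unknown parameter. A guard such as `if ($this->container->hasParameter('csrf_secret') && $secret = $this->container->getParameter('csrf_secret')) {` would make the "not configured" case explicit. The docblock could also state that protection is enabled only when a secret is configured and that it is applied through static defaults on `Form`, so it affects every form in the process.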
@ -17,6 +17,7 @@
|
||||
</xsd:sequence>
|
||||
|
||||
<xsd:attribute name="ide" type="xsd:string" />
|
||||
<xsd:attribute name="csrf-secret" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="profiler">
|
||||
|
@ -6,6 +6,7 @@ $container->loadFromExtension('kernel', 'config', array(
|
||||
));
|
||||
|
||||
$container->loadFromExtension('web', 'config', array(
|
||||
'csrf-secret' => 'xxxxxxxxxx',
|
||||
'router' => array('resource' => '%kernel.root_dir%/config/routing.php'),
|
||||
'validation' => array('enabled' => true, 'annotations' => true),
|
||||
));
|
||||
|
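Review bot: The sample configuration commits a fixed placeholder secret, `'csrf-secret' => 'xxxxxxxxxx'`, and the XML and YAML configuration hunks below add the same value. Any application deployed from these files without changing it runs with a publicly known secret, so the CSRF tokens derived from it offer no real protection. At minimum add a comment next to the value in each format, e.g. `// replace with a long random value unique to this installation; never deploy the placeholder`. Consider also having the extension refuse this literal placeholder outside of a debug environment.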
@ -20,7 +20,7 @@
|
||||
error_handler="null"
|
||||
/>
|
||||
|
||||
<web:config>
|
||||
<web:config csrf-secret="xxxxxxxxxx">
|
||||
<web:router resource="%kernel.root_dir%/config/routing.xml" />
|
||||
<web:validation enabled="true" annotations="true" />
|
||||
</web:config>
|
||||
|
@ -3,6 +3,7 @@ kernel.config:
|
||||
error_handler: null
|
||||
|
||||
web.config:
|
||||
csrf_secret: xxxxxxxxxx
|
||||
router: { resource: "%kernel.root_dir%/config/routing.yml" }
|
||||
validation: { enabled: true, annotations: true }
|
||||
|
||||
|
@ -32,7 +32,7 @@ class Form extends FieldGroup
|
||||
{
|
||||
protected static $defaultCsrfSecret = null;
|
||||
protected static $defaultCsrfProtection = false;
|
||||
protected static $defaultCsrfFieldName = '_csrf_token';
|
||||
protected static $defaultCsrfFieldName = '_token';
|
||||
protected static $defaultLocale = null;
|
||||
protected static $defaultTranslator = null;
|
||||
|
||||
|
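Review bot: The default CSRF field name appears to change from `_csrf_token` to `_token`, which the commit title does not mention. The page prints both lines without `+`/`-` markers, so the direction is inferred from their order. Templates, tests or clients that post the old field name will stop validating once protection is enabled, and `_token` is generic enough to collide with an application field of the same name. Either keep this rename out of the commit or document it on the property, e.g. `/** Name of the hidden field carrying the CSRF token; renamed from '_csrf_token'. */`. The class body continues outside this hunk.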