[FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
parent
60ddf9ee7a
commit
9e8231ff0b
@ -21,6 +21,7 @@ use Symfony\Component\Config\Definition\ConfigurationInterface;
|
||||
use Symfony\Component\Form\Form;
|
||||
use Symfony\Component\Lock\Lock;
|
||||
use Symfony\Component\Lock\Store\SemaphoreStore;
|
||||
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
|
||||
use Symfony\Component\Serializer\Serializer;
|
||||
use Symfony\Component\Translation\Translator;
|
||||
use Symfony\Component\Validator\Validation;
|
||||
@ -142,7 +143,14 @@ class Configuration implements ConfigurationInterface
|
||||
$rootNode
|
||||
->children()
|
||||
->arrayNode('csrf_protection')
|
||||
->canBeEnabled()
|
||||
->treatFalseLike(array('enabled' => false))
|
||||
->treatTrueLike(array('enabled' => true))
|
||||
->treatNullLike(array('enabled' => true))
|
||||
->addDefaultsIfNotSet()
|
||||
->children()
|
||||
// defaults to framework.session.enabled && !class_exists(FullStack::class) && interface_exists(CsrfTokenManagerInterface::class)
|
||||
->booleanNode('enabled')->defaultNull()->end()
|
||||
->end()
|
||||
->end()
|
||||
->end()
|
||||
;
|
||||
|
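Review bot: The comment above `->booleanNode('enabled')->defaultNull()` states a default that this node does not apply itself: the node defaults to null and the same expression is evaluated in FrameworkExtension in this commit, so the two copies can drift apart. I would reword it to `// null = auto-detect; resolved in FrameworkExtension from session, FullStack and CsrfTokenManagerInterface availability`. It is also worth one line noting that `treatNullLike(array('enabled' => true))` makes an explicit `csrf_protection: ~` turn protection on, whereas omitting the key appears to leave `enabled` null and fall through to auto-detection; that difference decides whether CSRF tokens are checked at all. The enclosing method starts outside the hunk.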
@ -17,6 +17,7 @@ use Symfony\Bridge\Monolog\Processor\DebugProcessor;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
|
||||
use Symfony\Bundle\FrameworkBundle\Routing\AnnotatedRouteControllerLoader;
|
||||
use Symfony\Bundle\FullStack;
|
||||
use Symfony\Component\Cache\Adapter\AbstractAdapter;
|
||||
use Symfony\Component\Cache\Adapter\AdapterInterface;
|
||||
use Symfony\Component\Cache\Adapter\ArrayAdapter;
|
||||
@ -63,6 +64,7 @@ use Symfony\Component\PropertyInfo\PropertyTypeExtractorInterface;
|
||||
use Symfony\Component\Routing\Loader\AnnotationDirectoryLoader;
|
||||
use Symfony\Component\Routing\Loader\AnnotationFileLoader;
|
||||
use Symfony\Component\Security\Core\Security;
|
||||
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
|
||||
use Symfony\Component\Serializer\Encoder\DecoderInterface;
|
||||
use Symfony\Component\Serializer\Encoder\EncoderInterface;
|
||||
use Symfony\Component\Serializer\Mapping\Factory\CacheClassMetadataFactory;
|
||||
@ -229,6 +231,11 @@ class FrameworkExtension extends Extension
|
||||
$this->registerRequestConfiguration($config['request'], $container, $loader);
|
||||
}
|
||||
|
||||
if (null === $config['csrf_protection']['enabled']) {
|
||||
$config['csrf_protection']['enabled'] = $this->sessionConfigEnabled && !class_exists(FullStack::class) && interface_exists(CsrfTokenManagerInterface::class);
|
||||
}
|
||||
$this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
|
||||
|
||||
if ($this->isConfigEnabled($container, $config['form'])) {
|
||||
if (!class_exists('Symfony\Component\Form\Form')) {
|
||||
throw new LogicException('Form support cannot be enabled as the Form component is not installed.');
|
||||
@ -249,8 +256,6 @@ class FrameworkExtension extends Extension
|
||||
$container->removeDefinition('console.command.form_debug');
|
||||
}
|
||||
|
||||
$this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
|
||||
|
||||
if ($this->isConfigEnabled($container, $config['assets'])) {
|
||||
if (!class_exists('Symfony\Component\Asset\Package')) {
|
||||
throw new LogicException('Asset support cannot be enabled as the Asset component is not installed.');
|
||||
|
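Review bot: The auto-detected default in `$config['csrf_protection']['enabled'] = $this->sessionConfigEnabled && !class_exists(FullStack::class) && interface_exists(CsrfTokenManagerInterface::class);` resolves to false without any signal, so an application with the full-stack package installed, or with sessions off, runs without CSRF protection unless it opts in explicitly. A why-comment above the `if (null === ...)` would make that visible, e.g. `// null = not configured: auto-enable only for component-based installs with sessions; full-stack installs keep the opt-in default` (the reason for the FullStack exclusion is not shown here and is presumably backward compatibility). The expression also relies on `$this->sessionConfigEnabled` having been assigned earlier in the method, which lies outside the hunk and should be confirmed. The enclosing method starts and ends outside the hunk.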