[Form] CSRF token is now only validated for root form
This commit is contained in:
parent
4372bd5dc8
commit
d2b07058f4
@ -34,9 +34,10 @@ class CsrfType extends AbstractType
|
||||
$builder
|
||||
->setData($csrfProvider->generateCsrfToken($pageId))
|
||||
->addValidator(new CallbackValidator(
|
||||
function (FormInterface $field) use ($csrfProvider, $pageId) {
|
||||
if (!$csrfProvider->isCsrfTokenValid($pageId, $field->getData())) {
|
||||
$field->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));
|
||||
function (FormInterface $form) use ($csrfProvider, $pageId) {
|
||||
if ($form->hasParent() && $form->getParent()->isRoot()
|
||||
&& !$csrfProvider->isCsrfTokenValid($pageId, $form->getData())) {
|
||||
$form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));
|
||||
}
|
||||
}
|
||||
));
|
||||
|
Reference in New Issue
Block a user