[Form] CSRF token is now only validated for root form
This commit is contained in:
parent
4372bd5dc8
commit
d2b07058f4
@ -34,9 +34,10 @@ class CsrfType extends AbstractType
|
|||||||
$builder
|
$builder
|
||||||
->setData($csrfProvider->generateCsrfToken($pageId))
|
->setData($csrfProvider->generateCsrfToken($pageId))
|
||||||
->addValidator(new CallbackValidator(
|
->addValidator(new CallbackValidator(
|
||||||
function (FormInterface $field) use ($csrfProvider, $pageId) {
|
function (FormInterface $form) use ($csrfProvider, $pageId) {
|
||||||
if (!$csrfProvider->isCsrfTokenValid($pageId, $field->getData())) {
|
if ($form->hasParent() && $form->getParent()->isRoot()
|
||||||
$field->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));
|
&& !$csrfProvider->isCsrfTokenValid($pageId, $form->getData())) {
|
||||||
|
$form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
));
|
));
|
||||||
|
Reference in New Issue
Block a user