bug #16521 [3.0] Revert removal of framework.csrf_protection section (WouterJ)
This PR was merged into the 3.0-dev branch.
Discussion
----------
[3.0] Revert removal of framework.csrf_protection section
| Q | A
| ------------- | ---
| Bug fix? | [yes|no]
| New feature? | [yes|no]
| BC breaks? | [yes|no]
| Deprecations? | [yes|no]
| Tests pass? | yes
| Fixed tickets | #16508
| License | MIT
| Doc PR | -
This section was incorrectly removed from Symfony 3; only the `field_name` setting was removed. Disabling/enabling CSRF separately from the forms is not deprecated and should not be removed.
/cc @symfony/deciders please merge quickly, it's holding up bundles with functional tests wanting to support Symfony 3
Commits
-------
6f2782b
Revert removal of framework.csrf_protection section
commit
e5928f7d61
|
@ -85,6 +85,7 @@ class Configuration implements ConfigurationInterface
|
|||
->end()
|
||||
;
|
||||
|
||||
$this->addCsrfSection($rootNode);
|
||||
$this->addFormSection($rootNode);
|
||||
$this->addEsiSection($rootNode);
|
||||
$this->addSsiSection($rootNode);
|
||||
|
@ -105,6 +106,17 @@ class Configuration implements ConfigurationInterface
|
|||
return $treeBuilder;
|
||||
}
|
||||
|
||||
private function addCsrfSection(ArrayNodeDefinition $rootNode)
|
||||
{
|
||||
$rootNode
|
||||
->children()
|
||||
->arrayNode('csrf_protection')
|
||||
->canBeEnabled()
|
||||
->end()
|
||||
->end()
|
||||
;
|
||||
}
|
||||
|
||||
private function addFormSection(ArrayNodeDefinition $rootNode)
|
||||
{
|
||||
$rootNode
|
||||
|
@ -114,8 +126,12 @@ class Configuration implements ConfigurationInterface
|
|||
->canBeEnabled()
|
||||
->children()
|
||||
->arrayNode('csrf_protection')
|
||||
->canBeEnabled()
|
||||
->treatFalseLike(array('enabled' => false))
|
||||
->treatTrueLike(array('enabled' => true))
|
||||
->treatNullLike(array('enabled' => true))
|
||||
->addDefaultsIfNotSet()
|
||||
->children()
|
||||
->booleanNode('enabled')->defaultNull()->end() // defaults to framework.csrf_protection.enabled
|
||||
->scalarNode('field_name')->defaultValue('_token')->end()
|
||||
->end()
|
||||
->end()
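Review bot: The `enabled` node added under `form.csrf_protection` defaults to null, and the fallback is explained only in the trailing comment, so a dumped reference configuration shows `enabled: null` with no hint whether form tokens are checked. The new top-level `csrf_protection` section uses `canBeEnabled()`, and the expected defaults in the test on this page list it as `'enabled' => false`, so a form section that leaves the value unset inherits "off"; that should be stated where operators will read it. I would move the comment into the tree as `->booleanNode('enabled')->defaultNull()->info('defaults to framework.csrf_protection.enabled')->end()` and give `addCsrfSection()` a one-line docblock saying the section is disabled unless configured. The form section's builder chain starts and ends outside this hunk.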
|
||||
|
|
|
@ -97,7 +97,7 @@ class FrameworkExtension extends Extension
|
|||
}
|
||||
}
|
||||
|
||||
$this->registerSecurityCsrfConfiguration($config['form']['csrf_protection'], $container, $loader);
|
||||
$this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
|
||||
|
||||
if (isset($config['assets'])) {
|
||||
$this->registerAssetsConfiguration($config['assets'], $container, $loader);
|
||||
|
@ -198,6 +198,9 @@ class FrameworkExtension extends Extension
|
|||
private function registerFormConfiguration($config, ContainerBuilder $container, XmlFileLoader $loader)
|
||||
{
|
||||
$loader->load('form.xml');
|
||||
if (null === $config['form']['csrf_protection']['enabled']) {
|
||||
$config['form']['csrf_protection']['enabled'] = $config['csrf_protection']['enabled'];
|
||||
}
|
||||
|
||||
if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
|
||||
$loader->load('form_csrf.xml');
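Review bot: After the added fallback, `form.csrf_protection.enabled` can still be set to true explicitly while `framework.csrf_protection` stays disabled, and this branch loads `form_csrf.xml` without consulting the top-level switch that is now passed to `registerSecurityCsrfConfiguration()`. That method's body is not in the hunk, but if it registers the token services only when its section is enabled, the mismatch would surface later as a missing-service error instead of a clear configuration error. A guard at the top of the branch would make the dependency explicit: `if (!$this->isConfigEnabled($container, $config['csrf_protection'])) { throw new \LogicException('To use form CSRF protection, framework.csrf_protection must be enabled.'); }`. `registerFormConfiguration()` continues past the end of the hunk.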
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
<xsd:all>
|
||||
<xsd:element name="assets" type="assets" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="form" type="form" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="csrf-protection" type="csrf_protection" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="esi" type="esi" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="fragments" type="fragments" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="profiler" type="profiler" minOccurs="0" maxOccurs="1" />
|
||||
|
@ -46,6 +47,10 @@
|
|||
<xsd:attribute name="field-name" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="csrf_protection">
|
||||
<xsd:attribute name="enabled" type="xsd:boolean" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="esi">
|
||||
<xsd:attribute name="enabled" type="xsd:boolean" />
|
||||
</xsd:complexType>
|
||||
|
|
|
@ -123,10 +123,13 @@ class ConfigurationTest extends \PHPUnit_Framework_TestCase
|
|||
'trusted_proxies' => array(),
|
||||
'ide' => null,
|
||||
'default_locale' => 'en',
|
||||
'csrf_protection' => array(
|
||||
'enabled' => false,
|
||||
),
|
||||
'form' => array(
|
||||
'enabled' => false,
|
||||
'csrf_protection' => array(
|
||||
'enabled' => false,
|
||||
'enabled' => null, // defaults to csrf_protection.enabled
|
||||
'field_name' => '_token',
|
||||
),
|
||||
),
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
<?php
|
||||
|
||||
$container->loadFromExtension('framework', array(
|
||||
'form' => array(
|
||||
'enabled' => true,
|
||||
'csrf_protection' => true,
|
||||
),
|
||||
'csrf_protection' => true,
|
||||
'form' => true,
|
||||
'session' => array(
|
||||
'handler_id' => null,
|
||||
),
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
<?php
|
||||
|
||||
$container->loadFromExtension('framework', array(
|
||||
'form' => array(
|
||||
'csrf_protection' => array(
|
||||
'enabled' => false,
|
||||
),
|
||||
),
|
||||
));
|
|
@ -1,9 +1,7 @@
|
|||
<?php
|
||||
|
||||
$container->loadFromExtension('framework', array(
|
||||
'form' => array(
|
||||
'csrf_protection' => array(
|
||||
'enabled' => true,
|
||||
),
|
||||
'csrf_protection' => array(
|
||||
'enabled' => true,
|
||||
),
|
||||
));
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
<?php
|
||||
|
||||
$container->loadFromExtension('framework', array(
|
||||
'form' => array(
|
||||
'enabled' => true,
|
||||
'field_name' => '_custom',
|
||||
'csrf_protection' => array(
|
||||
'enabled' => true,
|
||||
),
|
||||
),
|
||||
'session' => array(
|
||||
'handler_id' => null,
|
||||
),
|
||||
));
|
|
@ -1,13 +0,0 @@
|
|||
<?php
|
||||
|
||||
$container->loadFromExtension('framework', array(
|
||||
'form' => array(
|
||||
'enabled' => true,
|
||||
'csrf_protection' => array(
|
||||
'field_name' => '_custom_form',
|
||||
),
|
||||
),
|
||||
'session' => array(
|
||||
'handler_id' => null,
|
||||
),
|
||||
));
|
|
@ -2,7 +2,8 @@
|
|||
|
||||
$container->loadFromExtension('framework', array(
|
||||
'form' => array(
|
||||
'enabled' => true,
|
||||
'csrf_protection' => false,
|
||||
'csrf_protection' => array(
|
||||
'enabled' => false,
|
||||
),
|
||||
),
|
||||
));
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
$container->loadFromExtension('framework', array(
|
||||
'secret' => 's3cr3t',
|
||||
'default_locale' => 'fr',
|
||||
'csrf_protection' => true,
|
||||
'form' => array(
|
||||
'csrf_protection' => array(
|
||||
'enabled' => true,
|
||||
'field_name' => '_csrf',
|
||||
),
|
||||
),
|
||||
|
|
|
@ -7,10 +7,8 @@
|
|||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||
|
||||
<framework:config>
|
||||
<framework:form>
|
||||
<framework:csrf-protection />
|
||||
</framework:form>
|
||||
|
||||
<framework:csrf-protection />
|
||||
<framework:form />
|
||||
<framework:session />
|
||||
</framework:config>
|
||||
</container>
|
||||
|
|
|
@ -7,8 +7,6 @@
|
|||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||
|
||||
<framework:config>
|
||||
<framework:form>
|
||||
<framework:csrf-protection enabled="false" />
|
||||
</framework:form>
|
||||
<framework:csrf-protection enabled="false" />
|
||||
</framework:config>
|
||||
</container>
|
||||
|
|
|
@ -7,8 +7,6 @@
|
|||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||
|
||||
<framework:config>
|
||||
<framework:form>
|
||||
<framework:csrf-protection />
|
||||
</framework:form>
|
||||
<framework:csrf-protection />
|
||||
</framework:config>
|
||||
</container>
|
||||
|
|
|
@ -7,9 +7,8 @@
|
|||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||
|
||||
<framework:config>
|
||||
<framework:form>
|
||||
<framework:csrf-protection field-name="_custom" />
|
||||
</framework:form>
|
||||
<framework:csrf-protection field-name="_custom" />
|
||||
<framework:session />
|
||||
<framework:form />
|
||||
</framework:config>
|
||||
</container>
|
||||
|
|
|
@ -7,9 +7,8 @@
|
|||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||
|
||||
<framework:config>
|
||||
<framework:form>
|
||||
<framework:csrf-protection field-name="_custom_form" />
|
||||
</framework:form>
|
||||
<framework:csrf-protection field-name="_custom_form" />
|
||||
<framework:form />
|
||||
<framework:session />
|
||||
</framework:config>
|
||||
</container>
|
||||
|
|
|
@ -7,8 +7,9 @@
|
|||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||
|
||||
<framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" trusted-proxies="127.0.0.1, 10.0.0.1" http-method-override="false">
|
||||
<framework:csrf-protection />
|
||||
<framework:form>
|
||||
<framework:csrf-protection enabled="true" field-name="_csrf"/>
|
||||
<framework:csrf-protection field-name="_csrf"/>
|
||||
</framework:form>
|
||||
<framework:esi enabled="true" />
|
||||
<framework:profiler only-exceptions="true" enabled="false" />
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
framework:
|
||||
secret: s3cr3t
|
||||
form:
|
||||
csrf_protection: true
|
||||
csrf_protection: ~
|
||||
form: ~
|
||||
session: ~
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
framework:
|
||||
form:
|
||||
csrf_protection: false
|
|
@ -1,3 +1,2 @@
|
|||
framework:
|
||||
form:
|
||||
csrf_protection: ~
|
||||
csrf_protection: ~
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
framework:
|
||||
form:
|
||||
csrf_protection:
|
||||
field_name: _custom_form
|
||||
session: ~
|
|
@ -1,6 +1,7 @@
|
|||
framework:
|
||||
secret: s3cr3t
|
||||
default_locale: fr
|
||||
csrf_protection: true
|
||||
form:
|
||||
csrf_protection:
|
||||
field_name: _csrf
|
||||
|
|
|
@ -24,7 +24,7 @@ abstract class FrameworkExtensionTest extends TestCase
|
|||
{
|
||||
abstract protected function loadFromFile(ContainerBuilder $container, $file);
|
||||
|
||||
public function testCsrfProtection()
|
||||
public function testFormCsrfProtection()
|
||||
{
|
||||
$container = $this->createContainerFromFile('full');
|
||||
|
||||
|
|
|
@ -2,9 +2,8 @@ framework:
|
|||
secret: test
|
||||
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
||||
validation: { enabled: true, enable_annotations: true }
|
||||
form:
|
||||
csrf_protection:
|
||||
enabled: true
|
||||
csrf_protection: true
|
||||
form: true
|
||||
test: ~
|
||||
default_locale: en
|
||||
session:
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
framework:
|
||||
secret: test
|
||||
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
||||
validation: { enabled: true, enable_annotations: true }
|
||||
form:
|
||||
csrf_protection:
|
||||
enabled: true
|
||||
secret: test
|
||||
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
||||
validation: { enabled: true, enable_annotations: true }
|
||||
csrf_protection: true
|
||||
form: true
|
||||
test: ~
|
||||
default_locale: en
|
||||
session:
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
framework:
|
||||
secret: test
|
||||
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
||||
validation: { enabled: true, enable_annotations: true }
|
||||
secret: test
|
||||
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
||||
validation: { enabled: true, enable_annotations: true }
|
||||
assets: ~
|
||||
form:
|
||||
csrf_protection:
|
||||
enabled: true
|
||||
csrf_protection: true
|
||||
form: true
|
||||
test: ~
|
||||
default_locale: en
|
||||
session:
|
||||
storage_id: session.storage.mock_file
|
||||
storage_id: session.storage.mock_file
|
||||
profiler: { only_exceptions: false }
|
||||
|
||||
services:
|
||||
|
|