bug #16521 [3.0] Revert removal of framework.csrf_protection section (WouterJ)
This PR was merged into the 3.0-dev branch.
Discussion
----------
[3.0] Revert removal of framework.csrf_protection section
| Q | A
| ------------- | ---
| Bug fix? | [yes|no]
| New feature? | [yes|no]
| BC breaks? | [yes|no]
| Deprecations? | [yes|no]
| Tests pass? | yes
| Fixed tickets | #16508
| License | MIT
| Doc PR | -
This section was incorrectly removed from Symfony 3, only the `field_name` setting was removed. Disabling/enabling CSRF seperately from the froms is not deprecated and should not be removed.
/cc @symfony/deciders please merge quickly, it's holding up bundles with functional tests wanting to support to Symfony 3
Commits
-------
6f2782b Revert removal of framework.csrf_protection section
This commit is contained in:
Fabien Potencier
commit
e5928f7d61
@ -85,6 +85,7 @@ class Configuration implements ConfigurationInterface
|
|||||||
->end()
|
->end()
|
||||||
;
|
;
|
||||||
|
|
||||||
|
$this->addCsrfSection($rootNode);
|
||||||
$this->addFormSection($rootNode);
|
$this->addFormSection($rootNode);
|
||||||
$this->addEsiSection($rootNode);
|
$this->addEsiSection($rootNode);
|
||||||
$this->addSsiSection($rootNode);
|
$this->addSsiSection($rootNode);
|
||||||
@ -105,6 +106,17 @@ class Configuration implements ConfigurationInterface
|
|||||||
return $treeBuilder;
|
return $treeBuilder;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function addCsrfSection(ArrayNodeDefinition $rootNode)
|
||||||
|
{
|
||||||
|
$rootNode
|
||||||
|
->children()
|
||||||
|
->arrayNode('csrf_protection')
|
||||||
|
->canBeEnabled()
|
||||||
|
->end()
|
||||||
|
->end()
|
||||||
|
;
|
||||||
|
}
|
||||||
|
|
||||||
private function addFormSection(ArrayNodeDefinition $rootNode)
|
private function addFormSection(ArrayNodeDefinition $rootNode)
|
||||||
{
|
{
|
||||||
$rootNode
|
$rootNode
|
||||||
@ -114,8 +126,12 @@ class Configuration implements ConfigurationInterface
|
|||||||
->canBeEnabled()
|
->canBeEnabled()
|
||||||
->children()
|
->children()
|
||||||
->arrayNode('csrf_protection')
|
->arrayNode('csrf_protection')
|
||||||
->canBeEnabled()
|
->treatFalseLike(array('enabled' => false))
|
||||||
|
->treatTrueLike(array('enabled' => true))
|
||||||
|
->treatNullLike(array('enabled' => true))
|
||||||
|
->addDefaultsIfNotSet()
|
||||||
->children()
|
->children()
|
||||||
|
->booleanNode('enabled')->defaultNull()->end() // defaults to framework.csrf_protection.enabled
|
||||||
->scalarNode('field_name')->defaultValue('_token')->end()
|
->scalarNode('field_name')->defaultValue('_token')->end()
|
||||||
->end()
|
->end()
|
||||||
->end()
|
->end()
|
||||||
|
|||||||
@ -97,7 +97,7 @@ class FrameworkExtension extends Extension
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->registerSecurityCsrfConfiguration($config['form']['csrf_protection'], $container, $loader);
|
$this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
|
||||||
|
|
||||||
if (isset($config['assets'])) {
|
if (isset($config['assets'])) {
|
||||||
$this->registerAssetsConfiguration($config['assets'], $container, $loader);
|
$this->registerAssetsConfiguration($config['assets'], $container, $loader);
|
||||||
@ -198,6 +198,9 @@ class FrameworkExtension extends Extension
|
|||||||
private function registerFormConfiguration($config, ContainerBuilder $container, XmlFileLoader $loader)
|
private function registerFormConfiguration($config, ContainerBuilder $container, XmlFileLoader $loader)
|
||||||
{
|
{
|
||||||
$loader->load('form.xml');
|
$loader->load('form.xml');
|
||||||
|
if (null === $config['form']['csrf_protection']['enabled']) {
|
||||||
|
$config['form']['csrf_protection']['enabled'] = $config['csrf_protection']['enabled'];
|
||||||
|
}
|
||||||
|
|
||||||
if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
|
if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
|
||||||
$loader->load('form_csrf.xml');
|
$loader->load('form_csrf.xml');
|
||||||
|
|||||||
@ -11,6 +11,7 @@
|
|||||||
<xsd:all>
|
<xsd:all>
|
||||||
<xsd:element name="assets" type="assets" minOccurs="0" maxOccurs="1" />
|
<xsd:element name="assets" type="assets" minOccurs="0" maxOccurs="1" />
|
||||||
<xsd:element name="form" type="form" minOccurs="0" maxOccurs="1" />
|
<xsd:element name="form" type="form" minOccurs="0" maxOccurs="1" />
|
||||||
|
<xsd:element name="csrf-protection" type="csrf_protection" minOccurs="0" maxOccurs="1" />
|
||||||
<xsd:element name="esi" type="esi" minOccurs="0" maxOccurs="1" />
|
<xsd:element name="esi" type="esi" minOccurs="0" maxOccurs="1" />
|
||||||
<xsd:element name="fragments" type="fragments" minOccurs="0" maxOccurs="1" />
|
<xsd:element name="fragments" type="fragments" minOccurs="0" maxOccurs="1" />
|
||||||
<xsd:element name="profiler" type="profiler" minOccurs="0" maxOccurs="1" />
|
<xsd:element name="profiler" type="profiler" minOccurs="0" maxOccurs="1" />
|
||||||
@ -46,6 +47,10 @@
|
|||||||
<xsd:attribute name="field-name" type="xsd:string" />
|
<xsd:attribute name="field-name" type="xsd:string" />
|
||||||
</xsd:complexType>
|
</xsd:complexType>
|
||||||
|
|
||||||
|
<xsd:complexType name="csrf_protection">
|
||||||
|
<xsd:attribute name="enabled" type="xsd:boolean" />
|
||||||
|
</xsd:complexType>
|
||||||
|
|
||||||
<xsd:complexType name="esi">
|
<xsd:complexType name="esi">
|
||||||
<xsd:attribute name="enabled" type="xsd:boolean" />
|
<xsd:attribute name="enabled" type="xsd:boolean" />
|
||||||
</xsd:complexType>
|
</xsd:complexType>
|
||||||
|
|||||||
@ -123,10 +123,13 @@ class ConfigurationTest extends \PHPUnit_Framework_TestCase
|
|||||||
'trusted_proxies' => array(),
|
'trusted_proxies' => array(),
|
||||||
'ide' => null,
|
'ide' => null,
|
||||||
'default_locale' => 'en',
|
'default_locale' => 'en',
|
||||||
|
'csrf_protection' => array(
|
||||||
|
'enabled' => false,
|
||||||
|
),
|
||||||
'form' => array(
|
'form' => array(
|
||||||
'enabled' => false,
|
'enabled' => false,
|
||||||
'csrf_protection' => array(
|
'csrf_protection' => array(
|
||||||
'enabled' => false,
|
'enabled' => null, // defaults to csrf_protection.enabled
|
||||||
'field_name' => '_token',
|
'field_name' => '_token',
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
|||||||
@ -1,10 +1,8 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
$container->loadFromExtension('framework', array(
|
$container->loadFromExtension('framework', array(
|
||||||
'form' => array(
|
'csrf_protection' => true,
|
||||||
'enabled' => true,
|
'form' => true,
|
||||||
'csrf_protection' => true,
|
|
||||||
),
|
|
||||||
'session' => array(
|
'session' => array(
|
||||||
'handler_id' => null,
|
'handler_id' => null,
|
||||||
),
|
),
|
||||||
|
|||||||
@ -1,9 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
$container->loadFromExtension('framework', array(
|
|
||||||
'form' => array(
|
|
||||||
'csrf_protection' => array(
|
|
||||||
'enabled' => false,
|
|
||||||
),
|
|
||||||
),
|
|
||||||
));
|
|
||||||
@ -1,9 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
$container->loadFromExtension('framework', array(
|
$container->loadFromExtension('framework', array(
|
||||||
'form' => array(
|
'csrf_protection' => array(
|
||||||
'csrf_protection' => array(
|
'enabled' => true,
|
||||||
'enabled' => true,
|
|
||||||
),
|
|
||||||
),
|
),
|
||||||
));
|
));
|
||||||
|
|||||||
@ -1,14 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
$container->loadFromExtension('framework', array(
|
|
||||||
'form' => array(
|
|
||||||
'enabled' => true,
|
|
||||||
'field_name' => '_custom',
|
|
||||||
'csrf_protection' => array(
|
|
||||||
'enabled' => true,
|
|
||||||
),
|
|
||||||
),
|
|
||||||
'session' => array(
|
|
||||||
'handler_id' => null,
|
|
||||||
),
|
|
||||||
));
|
|
||||||
@ -1,13 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
$container->loadFromExtension('framework', array(
|
|
||||||
'form' => array(
|
|
||||||
'enabled' => true,
|
|
||||||
'csrf_protection' => array(
|
|
||||||
'field_name' => '_custom_form',
|
|
||||||
),
|
|
||||||
),
|
|
||||||
'session' => array(
|
|
||||||
'handler_id' => null,
|
|
||||||
),
|
|
||||||
));
|
|
||||||
@ -2,7 +2,8 @@
|
|||||||
|
|
||||||
$container->loadFromExtension('framework', array(
|
$container->loadFromExtension('framework', array(
|
||||||
'form' => array(
|
'form' => array(
|
||||||
'enabled' => true,
|
'csrf_protection' => array(
|
||||||
'csrf_protection' => false,
|
'enabled' => false,
|
||||||
|
),
|
||||||
),
|
),
|
||||||
));
|
));
|
||||||
|
|||||||
@ -3,9 +3,9 @@
|
|||||||
$container->loadFromExtension('framework', array(
|
$container->loadFromExtension('framework', array(
|
||||||
'secret' => 's3cr3t',
|
'secret' => 's3cr3t',
|
||||||
'default_locale' => 'fr',
|
'default_locale' => 'fr',
|
||||||
|
'csrf_protection' => true,
|
||||||
'form' => array(
|
'form' => array(
|
||||||
'csrf_protection' => array(
|
'csrf_protection' => array(
|
||||||
'enabled' => true,
|
|
||||||
'field_name' => '_csrf',
|
'field_name' => '_csrf',
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
|||||||
@ -7,10 +7,8 @@
|
|||||||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||||
|
|
||||||
<framework:config>
|
<framework:config>
|
||||||
<framework:form>
|
<framework:csrf-protection />
|
||||||
<framework:csrf-protection />
|
<framework:form />
|
||||||
</framework:form>
|
|
||||||
|
|
||||||
<framework:session />
|
<framework:session />
|
||||||
</framework:config>
|
</framework:config>
|
||||||
</container>
|
</container>
|
||||||
|
|||||||
@ -7,8 +7,6 @@
|
|||||||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||||
|
|
||||||
<framework:config>
|
<framework:config>
|
||||||
<framework:form>
|
<framework:csrf-protection enabled="false" />
|
||||||
<framework:csrf-protection enabled="false" />
|
|
||||||
</framework:form>
|
|
||||||
</framework:config>
|
</framework:config>
|
||||||
</container>
|
</container>
|
||||||
|
|||||||
@ -7,8 +7,6 @@
|
|||||||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||||
|
|
||||||
<framework:config>
|
<framework:config>
|
||||||
<framework:form>
|
<framework:csrf-protection />
|
||||||
<framework:csrf-protection />
|
|
||||||
</framework:form>
|
|
||||||
</framework:config>
|
</framework:config>
|
||||||
</container>
|
</container>
|
||||||
|
|||||||
@ -7,9 +7,8 @@
|
|||||||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||||
|
|
||||||
<framework:config>
|
<framework:config>
|
||||||
<framework:form>
|
<framework:csrf-protection field-name="_custom" />
|
||||||
<framework:csrf-protection field-name="_custom" />
|
|
||||||
</framework:form>
|
|
||||||
<framework:session />
|
<framework:session />
|
||||||
|
<framework:form />
|
||||||
</framework:config>
|
</framework:config>
|
||||||
</container>
|
</container>
|
||||||
|
|||||||
@ -7,9 +7,8 @@
|
|||||||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||||
|
|
||||||
<framework:config>
|
<framework:config>
|
||||||
<framework:form>
|
<framework:csrf-protection field-name="_custom_form" />
|
||||||
<framework:csrf-protection field-name="_custom_form" />
|
<framework:form />
|
||||||
</framework:form>
|
|
||||||
<framework:session />
|
<framework:session />
|
||||||
</framework:config>
|
</framework:config>
|
||||||
</container>
|
</container>
|
||||||
|
|||||||
@ -7,8 +7,9 @@
|
|||||||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||||
|
|
||||||
<framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" trusted-proxies="127.0.0.1, 10.0.0.1" http-method-override="false">
|
<framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" trusted-proxies="127.0.0.1, 10.0.0.1" http-method-override="false">
|
||||||
|
<framework:csrf-protection />
|
||||||
<framework:form>
|
<framework:form>
|
||||||
<framework:csrf-protection enabled="true" field-name="_csrf"/>
|
<framework:csrf-protection field-name="_csrf"/>
|
||||||
</framework:form>
|
</framework:form>
|
||||||
<framework:esi enabled="true" />
|
<framework:esi enabled="true" />
|
||||||
<framework:profiler only-exceptions="true" enabled="false" />
|
<framework:profiler only-exceptions="true" enabled="false" />
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
framework:
|
framework:
|
||||||
secret: s3cr3t
|
secret: s3cr3t
|
||||||
form:
|
csrf_protection: ~
|
||||||
csrf_protection: true
|
form: ~
|
||||||
session: ~
|
session: ~
|
||||||
|
|||||||
@ -1,3 +0,0 @@
|
|||||||
framework:
|
|
||||||
form:
|
|
||||||
csrf_protection: false
|
|
||||||
@ -1,3 +1,2 @@
|
|||||||
framework:
|
framework:
|
||||||
form:
|
csrf_protection: ~
|
||||||
csrf_protection: ~
|
|
||||||
|
|||||||
@ -1,5 +0,0 @@
|
|||||||
framework:
|
|
||||||
form:
|
|
||||||
csrf_protection:
|
|
||||||
field_name: _custom_form
|
|
||||||
session: ~
|
|
||||||
@ -1,6 +1,7 @@
|
|||||||
framework:
|
framework:
|
||||||
secret: s3cr3t
|
secret: s3cr3t
|
||||||
default_locale: fr
|
default_locale: fr
|
||||||
|
csrf_protection: true
|
||||||
form:
|
form:
|
||||||
csrf_protection:
|
csrf_protection:
|
||||||
field_name: _csrf
|
field_name: _csrf
|
||||||
|
|||||||
@ -24,7 +24,7 @@ abstract class FrameworkExtensionTest extends TestCase
|
|||||||
{
|
{
|
||||||
abstract protected function loadFromFile(ContainerBuilder $container, $file);
|
abstract protected function loadFromFile(ContainerBuilder $container, $file);
|
||||||
|
|
||||||
public function testCsrfProtection()
|
public function testFormCsrfProtection()
|
||||||
{
|
{
|
||||||
$container = $this->createContainerFromFile('full');
|
$container = $this->createContainerFromFile('full');
|
||||||
|
|
||||||
|
|||||||
@ -2,9 +2,8 @@ framework:
|
|||||||
secret: test
|
secret: test
|
||||||
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
||||||
validation: { enabled: true, enable_annotations: true }
|
validation: { enabled: true, enable_annotations: true }
|
||||||
form:
|
csrf_protection: true
|
||||||
csrf_protection:
|
form: true
|
||||||
enabled: true
|
|
||||||
test: ~
|
test: ~
|
||||||
default_locale: en
|
default_locale: en
|
||||||
session:
|
session:
|
||||||
|
|||||||
@ -1,10 +1,9 @@
|
|||||||
framework:
|
framework:
|
||||||
secret: test
|
secret: test
|
||||||
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
||||||
validation: { enabled: true, enable_annotations: true }
|
validation: { enabled: true, enable_annotations: true }
|
||||||
form:
|
csrf_protection: true
|
||||||
csrf_protection:
|
form: true
|
||||||
enabled: true
|
|
||||||
test: ~
|
test: ~
|
||||||
default_locale: en
|
default_locale: en
|
||||||
session:
|
session:
|
||||||
|
|||||||
@ -1,15 +1,14 @@
|
|||||||
framework:
|
framework:
|
||||||
secret: test
|
secret: test
|
||||||
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
|
||||||
validation: { enabled: true, enable_annotations: true }
|
validation: { enabled: true, enable_annotations: true }
|
||||||
assets: ~
|
assets: ~
|
||||||
form:
|
csrf_protection: true
|
||||||
csrf_protection:
|
form: true
|
||||||
enabled: true
|
|
||||||
test: ~
|
test: ~
|
||||||
default_locale: en
|
default_locale: en
|
||||||
session:
|
session:
|
||||||
storage_id: session.storage.mock_file
|
storage_id: session.storage.mock_file
|
||||||
profiler: { only_exceptions: false }
|
profiler: { only_exceptions: false }
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|||||||
Reference in New Issue
Block a user