diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[FrameworkBundle] CSRF should be on by default

Browse Source
This commit is contained in:
Victor 2013-02-13 12:09:10 +01:00 committed by Fabien Potencier
parent b38ab51271
commit f842ae6d99
4 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
View File

@ -94,7 +94,7 @@ class Configuration implements ConfigurationInterface
->canBeEnabled()
->end()
->arrayNode('csrf_protection')
->canBeEnabled()
->canBeDisabled()
->children()
->scalarNode('field_name')->defaultValue('_token')->end()
->end()

2
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
View File

@ -94,7 +94,7 @@ class ConfigurationTest extends \PHPUnit_Framework_TestCase
'default_locale' => 'en',
'form' => array('enabled' => false),
'csrf_protection' => array(
'enabled' => false,
'enabled' => true,
'field_name' => '_token',
),
'esi' => array('enabled' => false),

6
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/csrf.yml Normal file
View File

@ -0,0 +1,6 @@
framework:
secret: s3cr3t
form: ~
session: ~
# CSRF should be enabled by default
# csrf_protection: ~

7
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/YamlFrameworkExtensionTest.php
View File

@ -22,4 +22,11 @@ class YamlFrameworkExtensionTest extends FrameworkExtensionTest
$loader = new YamlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/yml'));
$loader->load($file.'.yml');
}
public function testCsrfProtectionShouldBeEnabledByDefault()
{
$container = $this->createContainerFromFile('csrf');
$this->assertTrue($container->getParameter('form.type_extension.csrf.enabled'));
}
}