[FrameworkBundle] CSRF should be on by default
This commit is contained in:
parent
b38ab51271
commit
f842ae6d99
@ -94,7 +94,7 @@ class Configuration implements ConfigurationInterface
|
|||||||
->canBeEnabled()
|
->canBeEnabled()
|
||||||
->end()
|
->end()
|
||||||
->arrayNode('csrf_protection')
|
->arrayNode('csrf_protection')
|
||||||
->canBeEnabled()
|
->canBeDisabled()
|
||||||
->children()
|
->children()
|
||||||
->scalarNode('field_name')->defaultValue('_token')->end()
|
->scalarNode('field_name')->defaultValue('_token')->end()
|
||||||
->end()
|
->end()
|
||||||
|
@ -94,7 +94,7 @@ class ConfigurationTest extends \PHPUnit_Framework_TestCase
|
|||||||
'default_locale' => 'en',
|
'default_locale' => 'en',
|
||||||
'form' => array('enabled' => false),
|
'form' => array('enabled' => false),
|
||||||
'csrf_protection' => array(
|
'csrf_protection' => array(
|
||||||
'enabled' => false,
|
'enabled' => true,
|
||||||
'field_name' => '_token',
|
'field_name' => '_token',
|
||||||
),
|
),
|
||||||
'esi' => array('enabled' => false),
|
'esi' => array('enabled' => false),
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
framework:
|
||||||
|
secret: s3cr3t
|
||||||
|
form: ~
|
||||||
|
session: ~
|
||||||
|
# CSRF should be enabled by default
|
||||||
|
# csrf_protection: ~
|
@ -22,4 +22,11 @@ class YamlFrameworkExtensionTest extends FrameworkExtensionTest
|
|||||||
$loader = new YamlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/yml'));
|
$loader = new YamlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/yml'));
|
||||||
$loader->load($file.'.yml');
|
$loader->load($file.'.yml');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testCsrfProtectionShouldBeEnabledByDefault()
|
||||||
|
{
|
||||||
|
$container = $this->createContainerFromFile('csrf');
|
||||||
|
|
||||||
|
$this->assertTrue($container->getParameter('form.type_extension.csrf.enabled'));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user