[FrameworkBundle] CSRF should be on by default

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php

@@ -94,7 +94,7 @@ class Configuration implements ConfigurationInterface
                     ->canBeEnabled()
                 ->end()
                 ->arrayNode('csrf_protection')
-                    ->canBeEnabled()
+                    ->canBeDisabled()
                     ->children()
                         ->scalarNode('field_name')->defaultValue('_token')->end()
                     ->end()

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php

@@ -94,7 +94,7 @@ class ConfigurationTest extends \PHPUnit_Framework_TestCase
             'default_locale'      => 'en',
             'form'                => array('enabled' => false),
             'csrf_protection'     => array(
-                'enabled'    => false,
+                'enabled'    => true,
                 'field_name' => '_token',
             ),
             'esi'                 => array('enabled' => false),

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/csrf.yml

@@ -0,0 +1,6 @@
+framework:
+    secret: s3cr3t
+    form: ~
+    session: ~
+    # CSRF should be enabled by default
+    # csrf_protection: ~

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/YamlFrameworkExtensionTest.php

@@ -22,4 +22,11 @@ class YamlFrameworkExtensionTest extends FrameworkExtensionTest
         $loader = new YamlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/yml'));
         $loader->load($file.'.yml');
     }
+
+    public function testCsrfProtectionShouldBeEnabledByDefault()
+    {
+        $container = $this->createContainerFromFile('csrf');
+
+        $this->assertTrue($container->getParameter('form.type_extension.csrf.enabled'));
+    }
 }