[FrameworkBundle] CSRF should be on by default
This commit is contained in:
parent
b38ab51271
commit
f842ae6d99
@ -94,7 +94,7 @@ class Configuration implements ConfigurationInterface
|
||||
->canBeEnabled()
|
||||
->end()
|
||||
->arrayNode('csrf_protection')
|
||||
->canBeEnabled()
|
||||
->canBeDisabled()
|
||||
->children()
|
||||
->scalarNode('field_name')->defaultValue('_token')->end()
|
||||
->end()
|
||||
|
@ -94,7 +94,7 @@ class ConfigurationTest extends \PHPUnit_Framework_TestCase
|
||||
'default_locale' => 'en',
|
||||
'form' => array('enabled' => false),
|
||||
'csrf_protection' => array(
|
||||
'enabled' => false,
|
||||
'enabled' => true,
|
||||
'field_name' => '_token',
|
||||
),
|
||||
'esi' => array('enabled' => false),
|
||||
|
@ -0,0 +1,6 @@
|
||||
framework:
|
||||
secret: s3cr3t
|
||||
form: ~
|
||||
session: ~
|
||||
# CSRF should be enabled by default
|
||||
# csrf_protection: ~
|
@ -22,4 +22,11 @@ class YamlFrameworkExtensionTest extends FrameworkExtensionTest
|
||||
$loader = new YamlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/yml'));
|
||||
$loader->load($file.'.yml');
|
||||
}
|
||||
|
||||
public function testCsrfProtectionShouldBeEnabledByDefault()
|
||||
{
|
||||
$container = $this->createContainerFromFile('csrf');
|
||||
|
||||
$this->assertTrue($container->getParameter('form.type_extension.csrf.enabled'));
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user