security #cve-2026-45074 [Security] Require configuring trusted hosts when using CAS authentication (nicolas-grekas)

nicolas-grekas · nicolas-grekas · commit 6f6f859b437f · 2026-05-15T09:14:02.000+02:00
This PR was merged into the 7.4 branch.
diff --git a/Tests/Functional/app/AccessToken/config_cas.yml b/Tests/Functional/app/AccessToken/config_cas.yml
@@ -4,6 +4,7 @@ imports:
 framework:
   http_method_override: false
   serializer: ~
+  trusted_hosts: ['^localhost$']
 
 security:
   password_hashers:
