Commit 83fc5ed

merged branch vicb/csrffix (PR #7060)
This PR was squashed before being merged into the 2.2 branch (closes #7060).

Commits
-------

f842ae6 [FrameworkBundle] CSRF should be on by default

Discussion
----------

[FrameworkBundle] CSRF should be on by default

---------------------------------------------------------------------------

by stof at 2013-02-13T11:27:32Z

:+1:

---------------------------------------------------------------------------

by vicb at 2013-02-15T08:54:39Z

Oops seems like a file is missing... will update

---------------------------------------------------------------------------

by vicb at 2013-02-15T09:04:13Z

@fabpot the fix is fixed, ready to be merged !

---------------------------------------------------------------------------

by stloyd at 2013-02-15T09:05:24Z

Shouldn't this be noted in upgrade/changelog file? It's kinda of BC break...

---------------------------------------------------------------------------

by vicb at 2013-02-15T09:13:18Z

don't fix so, this is something I did break a few weeks ago, just reverting to how it is supposed to work.

---------------------------------------------------------------------------

by fabpot at 2013-02-15T09:49:21Z

If you broke CSRF configuration, I suppose that you also broke form, ESI, fragments, translator, validator, and profiler configuration, no (see fde7585)?

---------------------------------------------------------------------------

by vicb at 2013-02-15T09:51:51Z

Hey @fabpot I am not that BAD :) "form, ESI, fragments, translator, validator, and profiler" are off by default. Only CSRF should be on by default.
2 parents 5276a09 + f842ae6 commit 83fc5ed


4 files changed

+15
-2
lines changed


src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php

Lines changed: 1 addition & 1 deletion
@@ -94,7 +94,7 @@ private function addFormSection(ArrayNodeDefinition $rootNode)
9494
->canBeEnabled()
9595
->end()
9696
->arrayNode('csrf_protection')
97-
->canBeEnabled()
97+
->canBeDisabled()
9898
->children()
9999
->scalarNode('field_name')->defaultValue('_token')->end()
100100
->end()
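
Review bot: at line 97, `->canBeDisabled()` on `csrf_protection` now sits directly under a `->canBeEnabled()` section, with nothing explaining why this one node is on by default. The discussion says the default was flipped by accident a few weeks earlier, so a one-line comment above the node stating that CSRF protection is intentionally opt-out would help stop a later cleanup from aligning it with its neighbours again.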

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php

Lines changed: 1 addition & 1 deletion
@@ -94,7 +94,7 @@ protected static function getBundleDefaultConfig()
9494
'default_locale' => 'en',
9595
'form' => array('enabled' => false),
9696
'csrf_protection' => array(
97-
'enabled' => false,
97+
'enabled' => true,
9898
'field_name' => '_token',
9999
),
100100
'esi' => array('enabled' => false),
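
Review bot: the expected default at line 97 goes from `'enabled' => false` to `'enabled' => true`, which changes what an application gets when it omits `csrf_protection`, yet none of the four files in this commit is a changelog or upgrade note. stloyd raised this in the discussion; if the broken default never shipped in a release, saying so in the commit message would settle it, otherwise an entry is warranted.
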
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
framework:
2+
secret: s3cr3t
3+
form: ~
4+
session: ~
5+
# CSRF should be enabled by default
6+
# csrf_protection: ~
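
Review bot: the fixture turns on `form: ~` and `session: ~` (lines 3-4) without saying whether the assertion depends on them, so it is unclear what "by default" covers here. Either drop the keys that are not needed or add a comment stating that the CSRF default is only being checked with forms and sessions enabled. The commented-out `# csrf_protection: ~` on line 6 is worth keeping, since it shows the key is omitted on purpose.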

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/YamlFrameworkExtensionTest.php

Lines changed: 7 additions & 0 deletions
@@ -22,4 +22,11 @@ protected function loadFromFile(ContainerBuilder $container, $file)
2222
$loader = new YamlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/yml'));
2323
$loader->load($file.'.yml');
2424
}
25+
26+
public function testCsrfProtectionShouldBeEnabledByDefault()
27+
{
28+
$container = $this->createContainerFromFile('csrf');
29+
30+
$this->assertTrue($container->getParameter('form.type_extension.csrf.enabled'));
31+
}
2532
}
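
Review bot: `testCsrfProtectionShouldBeEnabledByDefault()` (lines 26-31) checks only the omitted-key case, and only through the YAML loader. Since the change swaps opt-in for opt-out, a counterpart that loads a fixture with `csrf_protection: { enabled: false }` and asserts that `form.type_extension.csrf.enabled` is false would confirm the opt-out path still works. Because the default comes from `Configuration.php` rather than from the loader, the test would also fit better wherever `createContainerFromFile()` is shared across formats, if such a base class exists.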
