/** * Adds a CSRF field to the root form view. * * @param FormView $view The form view * @param FormInterface $form The form * @param array $options The options */ public function finishView(FormView $view, FormInterface $form, array $options) { if (!$view->parent && $options['compound']) { $token = $this->session->token(); $factory = $form->getConfig()->getFormFactory(); $csrfForm = $factory->createNamed('_token', 'hidden', $token, array('mapped' => false)); $view->children['_token'] = $csrfForm->createView(null); } }