Enables CSRF protection for all new forms
| public static enableDefaultCsrfProtection ( ) |
/**
* Boots the Bundle.
*/
public function boot()
{
if ($this->container->has('error_handler')) {
$this->container->get('error_handler');
}
if ($this->container->hasParameter('csrf_secret')) {
FormConfiguration::setDefaultCsrfSecret($this->container->getParameter('csrf_secret'));
FormConfiguration::enableDefaultCsrfProtection();
}
}
/**
* Boots the Bundle.
*/
public function boot()
{
if ($this->container->has('error_handler')) {
$this->container->get('error_handler');
}
if ($this->container->hasParameter('csrf_secret')) {
FormConfiguration::addDefaultCsrfSecret($this->container->getParameter('csrf_secret'));
FormConfiguration::enableDefaultCsrfProtection();
}
$container = $this->container;
// the session ID should always be included in the CSRF token, even
// if default CSRF protection is not enabled
FormConfiguration::addDefaultCsrfSecret(function () use($container) {
// automatically starts the session when the CSRF token is
// generated
$container->get('session')->start();
return $container->get('session')->getId();
});
}
public function testDefaultCsrfProtectionCanBeEnabled()
{
FormConfiguration::enableDefaultCsrfProtection();
$form = new Form('author', new Author(), $this->validator);
$this->assertTrue($form->isCsrfProtected());
}