enableDefaultCsrfProtection() public static method

Enables CSRF protection for all new forms
public static enableDefaultCsrfProtection ( )
 /**
  * Boots the Bundle.
  */
 public function boot()
 {
     if ($this->container->has('error_handler')) {
         $this->container->get('error_handler');
     }
     if ($this->container->hasParameter('csrf_secret')) {
         FormConfiguration::setDefaultCsrfSecret($this->container->getParameter('csrf_secret'));
         FormConfiguration::enableDefaultCsrfProtection();
     }
 }
 /**
  * Boots the Bundle.
  */
 public function boot()
 {
     if ($this->container->has('error_handler')) {
         $this->container->get('error_handler');
     }
     if ($this->container->hasParameter('csrf_secret')) {
         FormConfiguration::addDefaultCsrfSecret($this->container->getParameter('csrf_secret'));
         FormConfiguration::enableDefaultCsrfProtection();
     }
     $container = $this->container;
     // the session ID should always be included in the CSRF token, even
     // if default CSRF protection is not enabled
     FormConfiguration::addDefaultCsrfSecret(function () use($container) {
         // automatically starts the session when the CSRF token is
         // generated
         $container->get('session')->start();
         return $container->get('session')->getId();
     });
 }
Example #3
0
 public function testDefaultCsrfProtectionCanBeEnabled()
 {
     FormConfiguration::enableDefaultCsrfProtection();
     $form = new Form('author', new Author(), $this->validator);
     $this->assertTrue($form->isCsrfProtected());
 }