/**
 * Boots the Bundle.
 *
 * Fetches the error handler service when one is registered, wires the
 * configured CSRF secret into the form layer, and always registers the
 * session ID as an additional default CSRF secret.
 */
public function boot()
{
    $container = $this->container;

    // The returned service is discarded; presumably fetching it is enough
    // for the handler to register itself. Verify against the service
    // definition.
    if ($container->has('error_handler')) {
        $container->get('error_handler');
    }

    // Default CSRF protection is switched on only when a secret has been
    // configured. NOTE(review): without the 'csrf_secret' parameter,
    // protection stays opt-in per form. Confirm that is intended for
    // every deployment.
    if ($container->hasParameter('csrf_secret')) {
        $configuredSecret = $container->getParameter('csrf_secret');
        FormConfiguration::addDefaultCsrfSecret($configuredSecret);
        FormConfiguration::enableDefaultCsrfProtection();
    }

    // The session ID should always be included in the CSRF token, even
    // if default CSRF protection is not enabled. Registering it as a
    // closure defers the lookup until a token is generated.
    $sessionIdSecret = function () use ($container) {
        // Generating a CSRF token automatically starts the session, so
        // any page that renders a protected form creates one.
        $container->get('session')->start();

        return $container->get('session')->getId();
    };
    FormConfiguration::addDefaultCsrfSecret($sessionIdSecret);
}
/**
 * A closure registered as a default CSRF secret must be evaluated and its
 * return value mixed into the token the form generates.
 */
public function testDefaultCsrfSecretsCanBeAddedAsClosures()
{
    // NOTE(review): the registration is static, so this secret may leak
    // into other tests unless FormConfiguration is reset in
    // setUp()/tearDown(). Verify against the rest of the test case.
    $closureSecret = function () {
        return 'foobar';
    };
    FormConfiguration::addDefaultCsrfSecret($closureSecret);

    $form = new Form('author', new Author(), $this->validator);
    $form->enableCsrfProtection('_token', 'secret');

    // Expected token: the per-form secret, the form class name and the
    // closure's return value, concatenated and hashed with MD5.
    // NOTE(review): this pins an unkeyed MD5 construction. If Form moves
    // to a keyed hash (HMAC) over a modern digest, update this
    // expectation with it.
    $expectedToken = md5('secret' . get_class($form) . 'foobar');
    $actualToken = $form['_token']->getData();

    // NOTE(review): assertEquals compares loosely. assertSame would also
    // pin the type if getData() returns a string. Confirm before
    // tightening.
    $this->assertEquals($expectedToken, $actualToken);
}