/** * Boots the Bundle. */ public function boot() { if ($this->container->has('error_handler')) { $this->container->get('error_handler'); } if ($this->container->hasParameter('csrf_secret')) { FormConfiguration::setDefaultCsrfSecret($this->container->getParameter('csrf_secret')); FormConfiguration::enableDefaultCsrfProtection(); } }
/** * Boots the Bundle. */ public function boot() { if ($this->container->has('error_handler')) { $this->container->get('error_handler'); } if ($this->container->hasParameter('csrf_secret')) { FormConfiguration::addDefaultCsrfSecret($this->container->getParameter('csrf_secret')); FormConfiguration::enableDefaultCsrfProtection(); } $container = $this->container; // the session ID should always be included in the CSRF token, even // if default CSRF protection is not enabled FormConfiguration::addDefaultCsrfSecret(function () use($container) { // automatically starts the session when the CSRF token is // generated $container->get('session')->start(); return $container->get('session')->getId(); }); }
public function testDefaultCsrfProtectionCanBeEnabled() { FormConfiguration::enableDefaultCsrfProtection(); $form = new Form('author', new Author(), $this->validator); $this->assertTrue($form->isCsrfProtected()); }