Fixed login CSFR token error

Author: jbtronics

config/packages/framework.yaml

@@ -28,6 +28,11 @@ framework:
     #esi: true
     #fragments: true
 
+
+    form: { csrf_protection: { token_id: 'submit' } }
+    csrf_protection:
+        stateless_token_ids: ['submit', 'authenticate', 'logout']
+
 when@test:
     framework:
         test: true

config/packages/ux_turbo.yaml

@@ -0,0 +1,4 @@
+# Enable stateless CSRF protection for forms and logins/logouts
+framework:
+    csrf_protection:
+        check_header: true

symfony.lock

@@ -748,13 +748,16 @@
         ]
     },
     "symfony/ux-turbo": {
-        "version": "2.27",
+        "version": "2.28",
         "recipe": {
             "repo": "github.com/symfony/recipes",
             "branch": "main",
             "version": "2.20",
-            "ref": "e4b951d7de760751e170c6d2e3b565cf9ed5182f"
-        }
+            "ref": "287f7c6eb6e9b65e422d34c00795b360a787380b"
+        },
+        "files": [
+            "config/packages/ux_turbo.yaml"
+        ]
     },
     "symfony/validator": {
         "version": "7.3",

templates/security/login.html.twig

@@ -22,8 +22,7 @@
 {% block card_content %}
     <form action="{{ path('login') }}" method="post" data-turbo="false" class="form-horizontal">
 
-        <input type="hidden" name="_csrf_token"
-               value="{{ csrf_token('authenticate') }}">
+        <input type="hidden" name="_csrf_token" data-controller="csrf-protection" value="{{ csrf_token('authenticate') }}">
 
         <input type="hidden" name="_target_path" value="{{ app.request.query.get('_target_path') }}" />
 
@@ -72,4 +71,4 @@
     {% if allow_email_pw_reset %}
         <a class="offset-sm-2" href="{{ path('pw_reset_request') }}">{% trans %}pw_reset.password_forget{% endtrans %}</a>
     {% endif %}
-{% endblock %}
+{% endblock %}