bug symfony#25151 [FrameworkBundle] Automatically enable the CSRF protection if CSRF manager exists (sroze)

fabpot · fabpot · commit d5f04284f9aa · 2017-11-24T08:16:56.000-08:00
This PR was merged into the 3.4 branch. Discussion ---------- [FrameworkBundle] Automatically enable the CSRF protection if CSRF manager exists | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | ø | License | MIT This will automatically enable the CSRF protection if `CsrfTokenManagerInterface` exists. Commits ------- fd43406 Automatically enable the CSRF protection if CSRF manager exists
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -21,6 +21,7 @@
 use Symfony\Component\Form\Form;
 use Symfony\Component\Lock\Lock;
 use Symfony\Component\Lock\Store\SemaphoreStore;
+use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
 use Symfony\Component\Serializer\Serializer;
 use Symfony\Component\Translation\Translator;
 use Symfony\Component\Validator\Validation;
@@ -142,7 +143,7 @@ private function addCsrfSection(ArrayNodeDefinition $rootNode)
         $rootNode
             ->children()
                 ->arrayNode('csrf_protection')
-                    ->canBeEnabled()
+                    ->{!class_exists(FullStack::class) && class_exists(CsrfTokenManagerInterface::class) ? 'canBeDisabled' : 'canBeEnabled'}()
                 ->end()
             ->end()
         ;
