Closed
Description
Since Symfony 3.2 RC 1, I see a regression in my web app: I have a form extension that disable csrf-protection on the /yolo/* routes:
use Symfony\Component\Form\AbstractTypeExtension;
use Symfony\Component\Form\Extension\Core\Type\FormType;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\OptionsResolver\OptionsResolver;
class YoloCsrfDisablerExtension extends AbstractTypeExtension
{
private $requestStack;
public function __construct(RequestStack $requestStack)
{
$this->requestStack = $requestStack;
}
public function configureOptions(OptionsResolver $resolver)
{
$request = $this->requestStack->getCurrentRequest();
if (null === $request) {
return;
}
if (0 !== strpos($request->getPathInfo(), '/yolo/')) {
return;
}
$resolver->setDefaults([
'csrf_protection' => false,
]);
}
public function getExtendedType()
{
return FormType::class;
}
}Prior to Symfony 3.2, when I submitted a form that failed on validation, errors returned by the form submission returned something like: The value should not be blank.
Since Symfony 3.2, even if the form extension is enabled, I now got two errors: The value should not be blank and The CSRF token is invalid. Please try to resubmit the form. that should not appear since the option is disabled with my extension
492B