[Form][FrameworkBundle] Regression with configuration of default CSRF Tokens #59867

PhilETaylor · 2025-02-26T15:56:32Z

Symfony version(s) affected

7.2.4

Description

regression caused by #59728

Symfony\Component\Security\Csrf\CsrfTokenManager::getToken(): Argument #1 ($tokenId) must be of type string, null given, called in /app/vendor/symfony/form/Extension/Csrf/Type/FormTypeCsrfExtension.php on line 80

Seems passing any array to the setAttributes causes this unless you pass csrf_token_id value in that array, there is no sane default applied.

In my case I was passing other attributes in this array, but not the csrf_token_id, as that was not needed before today.

How to reproduce

Minimum reproducer is

$this->createFormBuilder()->setAttributes([/* blank array, or some other key pairs, not including csrf_token_id*/])->getForm()->createView();

Possible Solution

No response

Additional Context

related change https://github.com/symfony/symfony/pull/59728/files#diff-438ae1976074de3d600070f2d02f4e87bcbc847d7826ca8aaeadc4231c5d701f

The text was updated successfully, but these errors were encountered:

nicolas-grekas · 2025-02-26T16:04:52Z

Can you come up with a PR ideally?

PhilETaylor added the Bug label Feb 26, 2025

carsonbot added Status: Needs Review Form FrameworkBundle labels Feb 26, 2025

PhilETaylor mentioned this issue Feb 26, 2025

[Form][FrameworkBundle] Use auto-configuration to make the default CSRF token id apply only to the app; not to bundles #59728

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Form][FrameworkBundle] Regression with configuration of default CSRF Tokens #59867

[Form][FrameworkBundle] Regression with configuration of default CSRF Tokens #59867

[Form][FrameworkBundle] Regression with configuration of default CSRF Tokens #59867

[Form][FrameworkBundle] Regression with configuration of default CSRF Tokens #59867

Comments

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context