[SecurityCsrf] Example is incorrect. · Issue #15410 · symfony/symfony-docs · GitHub

[SecurityCsrf] Example is incorrect. #15410

Closed
void-azure opened this issue Jun 5, 2021 · 0 comments
@void-azure

In the Form component documentation, it says to use this example for CSRF protection under version 6:

```php
use Symfony\Component\Form\Extension\Csrf\CsrfExtension;
use Symfony\Component\Form\Forms;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\Security\Csrf\CsrfTokenManager;
use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator;
use Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage;

// creates a Session object from the HttpFoundation component
$session = new Session();

$csrfGenerator = new UriSafeTokenGenerator();
$csrfStorage = new SessionTokenStorage($session);
$csrfManager = new CsrfTokenManager($csrfGenerator, $csrfStorage);

$formFactory = Forms::createFormFactoryBuilder()
    // ...
    ->addExtension(new CsrfExtension($csrfManager))
    ->getFormFactory();
```

But in Symfony 6, `$csrfStorage = new SessionTokenStorage()` expects `RequestStack`.

@javiereguiluz javiereguiluz added this to the 6.0 milestone Jun 16, 2021
@javiereguiluz javiereguiluz modified the milestones: 6.0, 5.3 Jun 16, 2021
wouterj added a commit that referenced this issue Jun 17, 2021
This PR was merged into the 5.3 branch.

Discussion
----------

[Form] Fixed a code example related to CSRF

Fixes #15410 but proposes the fix in 5.3 branch because that's where the deprecation was introduced:

https://github.com/symfony/security-csrf/blob/c7b7006d3ed955da978a002d764cae388bed8d09/TokenStorage/SessionTokenStorage.php#L47-L59

Commits
-------

b4f0e04 [Form] Fixed a code example related to CSRF
@wouterj wouterj closed this as completed Jun 17, 2021
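
The `RequestStack` wiring that the Symfony 6 constructor reported above expects, as an added example that is not part of the issue, the commit, or the Symfony documentation. It assumes Symfony 6 packages installed with Composer; `buildCsrfManager`, the `/contact` request and the `contact_form` token id are constructed for illustration.

```php
<?php
// Added example: not code from the issue or from the Symfony documentation.
// Assumes symfony/http-foundation and symfony/security-csrf 6.x installed with Composer.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManager;
use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator;
use Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage;

// Hypothetical helper: builds the manager the way the Symfony 6 constructor requires.
function buildCsrfManager(RequestStack $requestStack): CsrfTokenManager
{
    return new CsrfTokenManager(
        new UriSafeTokenGenerator(),
        new SessionTokenStorage($requestStack)
    );
}

// In-memory session storage so the script runs from the CLI;
// a web application would use new Session() as in the issue.
$session = new Session(new MockArraySessionStorage());

// The storage looks the session up through the current request, so the
// request has to carry the session and be pushed onto the stack.
$request = Request::create('/contact', 'POST'); // constructed sample request
$request->setSession($session);
$requestStack = new RequestStack();
$requestStack->push($request);

$manager = buildCsrfManager($requestStack);
$token = $manager->getToken('contact_form'); // 'contact_form' is a constructed token id

// Checks the issued token, then a forged value submitted for the same id.
var_dump($manager->isTokenValid($token));
var_dump($manager->isTokenValid(new CsrfToken('contact_form', 'forged-value')));

// Failure mode on Symfony 6: with no request on the stack there is no
// session to read, so token operations throw SessionNotFoundException.
try {
    buildCsrfManager(new RequestStack())->getToken('contact_form');
} catch (SessionNotFoundException $e) {
    echo 'No session available: ', get_class($e), PHP_EOL;
}
```

The resulting manager is passed to `new CsrfExtension($csrfManager)` exactly as in the snippet quoted in the issue.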