Closed
Description
Since Symfony 3.2 RC 1, I see a regression in my web app: I have a form extension that disable csrf-protection on the /yolo/* routes:
use Symfony\Component\Form\AbstractTypeExtension;
use Symfony\Component\Form\Extension\Core\Type\FormType;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\OptionsResolver\OptionsResolver;
class YoloCsrfDisablerExtension extends AbstractTypeExtension
{
private $requestStack;
public function __construct(RequestStack $requestStack)
{
$this->requestStack = $requestStack;
}
public function configureOptions(OptionsResolver $resolver)
{
$request = $this->requestStack->getCurrentRequest();
if (null === $request) {
return;
}
if (0 !== strpos($request->getPathInfo(), '/yolo/')) {
return;
}
$resolver->setDefaults([
'csrf_protection' => false,
]);
}
public function getExtendedType()
{
return FormType::class;
}
}Prior to Symfony 3.2, when I submitted a form that failed on validation, errors returned by the form submission returned something like: The value should not be blank.
Since Symfony 3.2, even if the form extension is enabled, I now got two errors: The value should not be blank and The CSRF token is invalid. Please try to resubmit the form. that should not appear since the option is disabled with my extension