Symfony 6.1 csrf protection #477
Labels
Bug
Confirmed bugs or bugfixes.
Comments
Zales0123
added a commit
that referenced
this issue
Oct 18, 2022
This PR was merged into the 1.10 branch. Discussion ---------- | Q | A | --------------- | ----- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Related tickets | fixes #477 | License | MIT We, unfortunately, rely on this service to be public in the `ResourceController` :/ I've covered the bug with a test (by adding a "delete" button to the test UI) and added explicit Symfony 6.0 and 6.1 testing in the workflow 🖖 Thank you, @dannyvw, for reporting this bug! 🏅 Commits ------- aaeeda5 Make CsrfTokenManager public 8437163 Test Symfony 6 explicitly dfeba75 Test UI resource deletion
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sylius version affected: v1.10.0-ALPHA.1
Description
The csrf_protected value is configured, but is triggering the following error
CSRF protection is not enabled in your application. Enable it with the "csrf_protection" key in "config/packages/framework.yaml". triggered in https://github.com/Sylius/SyliusResourceBundle/blob/1.10/src/Bundle/Controller/ControllerTrait.php#L395
Steps to reproduce
Possible Solution
Set service "security.csrf.token_manager" to public in the same way as is done for twig?
The text was updated successfully, but these errors were encountered: