You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CSRF token errors occurs when creating a new record throw sonata after updating sonata-project/admin-bundle with dependencies. This issue occurs when applying symfony/security-http security patch released on v5.3.31.
$ composer show --latest 'sonata-project/*'
Color legend:
- patch or minor release available - update recommended
- major release available - update possible
- up to date version
Direct dependencies required in composer.json:
sonata-project/doctrine-orm-admin-bundle 4.15.0 4.15.0 Integrate Doctrine ORM into the SonataAdminBundle
Transitive dependencies not required in composer.json:
sonata-project/admin-bundle 4.29.1 4.29.1 The missing Symfony Admin Generator
sonata-project/block-bundle 5.1.0 5.1.0 Symfony SonataBlockBundle
sonata-project/doctrine-extensions 2.3.0 2.3.0 Doctrine2 behavioral extensions
sonata-project/exporter 3.3.0 3.3.0 Lightweight Exporter library
sonata-project/form-extensions 2.3.0 2.3.0 Symfony form extensions
sonata-project/twig-extensions 2.4.0 2.4.0 Sonata twig extensions
Symfony packages
$ composer show --latest 'symfony/*'
Color legend:
- patch or minor release available - update recommended
- major release available - update possible
- up to date version
Direct dependencies required in composer.json:
symfony/cache v5.4.29 v6.4.0 Provides extended PSR-6, PSR-16 (and tags) implementations
symfony/config v5.4.26 v6.4.0 Helps you find, load, combine, autofill and validate configuration...
symfony/console v5.4.28 v6.4.1 Eases the creation of beautiful and testable command line interfaces
symfony/debug-bundle v5.4.26 v6.4.0 Provides a tight integration of the Symfony VarDumper component an...
symfony/dependency-injection v5.4.29 v6.4.1 Allows you to standardize and centralize the way objects are const...
symfony/error-handler v5.4.29 v6.4.0 Provides tools to manage errors and ease debugging PHP code
symfony/event-dispatcher v5.4.26 v6.4.0 Provides tools that allow your application components to communica...
symfony/form v5.4.29 v6.4.1 Allows to easily create, process and reuse HTML forms
symfony/framework-bundle v5.4.29 v6.4.1 Provides a tight integration between Symfony components and the Sy...
symfony/http-client v5.4.29 v6.4.0 Provides powerful methods to fetch HTTP resources synchronously or...
symfony/http-foundation v5.4.28 v6.4.0 Defines an object-oriented layer for the HTTP specification
symfony/http-kernel v5.4.29 v6.4.1 Provides a structured process for converting a Request into a Resp...
symfony/mailer v5.4.22 v6.4.0 Helps sending emails
symfony/mime v5.4.26 v6.4.0 Allows manipulating MIME messages
symfony/monolog-bundle v3.8.0 v3.10.0 Symfony MonologBundle
symfony/routing v5.4.26 v6.4.1 Maps an HTTP request to a set of configuration variables
symfony/security-bundle v5.4.31 v6.4.0 Provides a tight integration of the Security component into the Sy...
symfony/sendgrid-mailer v5.4.23 v6.4.0 Symfony Sendgrid Mailer Bridge
symfony/translation v5.4.24 v6.4.0 Provides tools to internationalize your application
symfony/twig-bundle v5.4.27 v6.4.0 Provides a tight integration of Twig into the Symfony full-stack f...
symfony/uid v5.4.21 v6.4.0 Provides an object-oriented API to generate and represent UIDs
symfony/validator v5.4.29 v6.4.0 Provides tools to validate values
symfony/web-profiler-bundle v5.4.26 v6.4.0 Provides a development tool that gives detailed information about ...
Transitive dependencies not required in composer.json:
symfony/asset v6.4.0 v6.4.0 Manages URL generation and versioning of web assets such as CSS st...
symfony/browser-kit v6.3.2 v6.4.0 Simulates the behavior of a web browser, allowing you to make requ...
symfony/cache-contracts v2.5.2 v3.4.0 Generic abstractions related to caching
symfony/css-selector v5.4.26 v6.4.0 Converts CSS selectors to XPath expressions
symfony/deprecation-contracts v3.4.0 v3.4.0 A generic function and convention to trigger deprecation notices
symfony/doctrine-bridge v5.4.31 v6.4.0 Provides integration for Doctrine with various Symfony components
symfony/dom-crawler v6.3.4 v6.4.0 Eases DOM navigation for HTML and XML documents
symfony/event-dispatcher-contracts v3.4.0 v3.4.0 Generic abstractions related to dispatching event
symfony/expression-language v6.4.0 v6.4.0 Provides an engine that can compile and evaluate expressions
symfony/filesystem v6.3.1 v6.4.0 Provides basic utilities for the filesystem
symfony/finder v5.4.27 v6.4.0 Finds files and directories via an intuitive fluent interface
symfony/http-client-contracts v2.5.2 v3.4.0 Generic abstractions related to HTTP clients
symfony/intl v6.3.2 v6.4.0 Provides access to the localization data of the ICU library
symfony/monolog-bridge v5.4.22 v6.4.0 Provides integration for Monolog with various Symfony components
symfony/options-resolver v6.4.0 v6.4.0 Provides an improved replacement for the array_replace PHP function
symfony/password-hasher v6.4.0 v6.4.0 Provides password hashing utilities
symfony/polyfill-ctype v1.28.0 v1.28.0 Symfony polyfill for ctype functions
symfony/polyfill-intl-grapheme v1.28.0 v1.28.0 Symfony polyfill for intl's grapheme_* functions
symfony/polyfill-intl-icu v1.28.0 v1.28.0 Symfony polyfill for intl's ICU-related data and classes
symfony/polyfill-intl-idn v1.28.0 v1.28.0 Symfony polyfill for intl's idn_to_ascii and idn_to_utf8 functions
symfony/polyfill-intl-normalizer v1.28.0 v1.28.0 Symfony polyfill for intl's Normalizer class and related functions
symfony/polyfill-mbstring v1.28.0 v1.28.0 Symfony polyfill for the Mbstring extension
symfony/polyfill-php72 v1.28.0 v1.28.0 Symfony polyfill backporting some PHP 7.2+ features to lower PHP v...
symfony/polyfill-php73 v1.28.0 v1.28.0 Symfony polyfill backporting some PHP 7.3+ features to lower PHP v...
symfony/polyfill-php80 v1.28.0 v1.28.0 Symfony polyfill backporting some PHP 8.0+ features to lower PHP v...
symfony/polyfill-php81 v1.28.0 v1.28.0 Symfony polyfill backporting some PHP 8.1+ features to lower PHP v...
symfony/polyfill-uuid v1.28.0 v1.28.0 Symfony polyfill for uuid functions
symfony/process v6.3.4 v6.4.0 Executes commands in sub-processes
symfony/property-access v6.4.0 v6.4.0 Provides functions to read and write from/to an object or array us...
symfony/property-info v6.3.9 v6.4.0 Extracts information about PHP class' properties using metadata of...
symfony/security-acl v3.3.3 v3.3.3 Symfony Security Component - ACL (Access Control List)
symfony/security-core v5.4.30 v6.4.0 Symfony Security Component - Core Library
symfony/security-csrf v6.4.0 v6.4.0 Symfony Security Component - CSRF Library
symfony/security-guard v5.4.27 v5.4.27 Symfony Security Component - Guard
symfony/security-http v5.4.31 v6.4.0 Symfony Security Component - HTTP Integration
symfony/serializer v6.3.10 v6.4.1 Handles serializing and deserializing data structures, including o...
symfony/service-contracts v2.5.2 v3.4.0 Generic abstractions related to writing services
symfony/stopwatch v6.3.0 v6.4.0 Provides a way to profile code
symfony/string v6.4.0 v6.4.0 Provides an object-oriented API to strings and deals with bytes, U...
symfony/translation-contracts v2.5.2 v3.4.0 Generic abstractions related to translation
symfony/twig-bridge v5.4.31 v6.4.0 Provides integration for Twig with various Symfony components
symfony/var-dumper v6.3.6 v6.4.0 Provides mechanisms for walking through any arbitrary PHP variable
symfony/var-exporter v6.3.6 v6.4.1 Allows exporting any serializable PHP data structure to plain PHP ...
symfony/yaml v5.4.23 v6.4.0 Loads and dumps YAML files
PHP version
$ php -v
PHP 8.1.24 (cli) (built: Oct 12 2023 09:19:15) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.24, Copyright (c) Zend Technologies
with Xdebug v3.1.4, Copyright (c) 2002-2022, by Derick Rethans
Subject
It seems that latest sonata-project/admin-bundle is not working well with symfony/security-http:v5.3.31 relased at Nov 10.
It works well when fixing symfony/security-http verison to 5.3.30.
Therefore this issue prevents one from applying symfony/security-http security patch released at symfony/security-http:v5.3.31.
Accutually this is not a duplication. This is not same issue since symfony/security-http@v5.4.31 was released in Nov 10, which is quite after #8015 creation.
Isn't there something to be changed in sonata-project/admin-bundler side to keep compatible with symfony/security-http?
Accutually this is not a duplication. This is not same issue since symfony/security-http@v5.4.31 was released in Nov 10, which is quite after #8015 creation.
If it wasn't the same, you had no reason to re-post your issue there.
Moreover it's the same topic, and you don't really know the root cause ; how can you be sure it's not the same reason ?
There is no need to have one issue per symfony version.
Isn't there something to be changed in sonata-project/admin-bundler side to keep compatible with symfony/security-http?
If there is something to change, that mean Symfony made a BC break/mistake.
Then it's a symfony issue. Did you opened an issue on there side ?
If it wasn't the same, you had no reason to re-post your issue there.
Sorry, this is totally my mistake. First I've posted at #8015, but after that I came to think that that was a different issue and then I created a new issue. I shoud have deleted the post I had done at #8015.
If there is something to change, that mean Symfony made a BC break/mistake.
Totally understood. I'll open an issue at symfony side.
Environment
Sonata packages
CSRF token errors occurs when creating a new record throw sonata after updating sonata-project/admin-bundle with dependencies. This issue occurs when applying symfony/security-http security patch released on v5.3.31.
![image](https://private-user-images.githubusercontent.com/62470336/290389373-9d85f01f-b904-4a1a-a54a-4484a40c1abd.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE0NTI1NTAsIm5iZiI6MTcyMTQ1MjI1MCwicGF0aCI6Ii82MjQ3MDMzNi8yOTAzODkzNzMtOWQ4NWYwMWYtYjkwNC00YTFhLWE1NGEtNDQ4NGE0MGMxYWJkLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MjAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzIwVDA1MTA1MFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTY2ZWNjMmY1NDBkNzZjMjFiMzMyOTkwZDU0MDlmOGY5YTg0MGQ5YmZlNDZjNDQxN2JlNDc5YTAxNDI2Y2Y2MDImWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.XBUIOyPV-g9ESc1GZvNyfyWsGKKzPLHAVD-xt7-l0-c)
Symfony packages
PHP version
Subject
It seems that latest sonata-project/admin-bundle is not working well with symfony/security-http:v5.3.31 relased at Nov 10.
It works well when fixing symfony/security-http verison to 5.3.30.
Therefore this issue prevents one from applying symfony/security-http security patch released at symfony/security-http:v5.3.31.
Steps to reproduce
Expected results
No csrf token error when creating record.
Actual results
csrf token error
![image](https://private-user-images.githubusercontent.com/62470336/290389373-9d85f01f-b904-4a1a-a54a-4484a40c1abd.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE0NTI1NTAsIm5iZiI6MTcyMTQ1MjI1MCwicGF0aCI6Ii82MjQ3MDMzNi8yOTAzODkzNzMtOWQ4NWYwMWYtYjkwNC00YTFhLWE1NGEtNDQ4NGE0MGMxYWJkLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MjAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzIwVDA1MTA1MFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTY2ZWNjMmY1NDBkNzZjMjFiMzMyOTkwZDU0MDlmOGY5YTg0MGQ5YmZlNDZjNDQxN2JlNDc5YTAxNDI2Y2Y2MDImWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.XBUIOyPV-g9ESc1GZvNyfyWsGKKzPLHAVD-xt7-l0-c)
The text was updated successfully, but these errors were encountered: