FormTypeCsrfExtension overwrites my Extension's settings #19735
I can't help you with the form extension problem ... but in case you are not aware of it, you can disable CSRF via config options:

```php
use Symfony\Component\Form\AbstractType;
use Symfony\Component\OptionsResolver\OptionsResolver;

class TaskType extends AbstractType
{
    // ...

    public function configureOptions(OptionsResolver $resolver)
    {
        $resolver->setDefaults(array(
            // ...
            'csrf_protection' => false,
        ));
    }

    // ...
}
```

```yaml
# app/config/config.yml
framework:
    form:
        csrf_protection:
            enabled: false
```

If you create a new kernel to serve the API, you can easily use the second alternative to disable CSRF for the entire API.
We decided not to do that, as all forms in REST API don't require CSRF protection.
Nope, need that just for the API.
Hmmm… worth exploring. But extension should work as well…
@MacDada the multi-kernel solution is way easier than it looks (and it will increase the performance of your API because you'll remove lots of unnecessary bundles and features). There is a pending PR in the symfony-docs repo explaining it: https://github.com/symfony/symfony-docs/pull/6840/files
Can you reproduce the issue on a clean symfony standard edition fork? https://github.com/symfony/symfony-standard
Unfortunately form type extensions don't support priority. I suggest you use a normalizer to handle the option outside of the inheritance and extension processes and resolve the option when it is called under condition:

```php
// in your extension (needs: use Symfony\Component\OptionsResolver\Options;)
if ($resolver->isDefined('csrf_protection')) {
    // Normalizers run when the options are resolved, after all defaults are set
    $resolver->setNormalizer('csrf_protection', function (Options $options, $csrf) {
        if (!$this->restApiCallRecognizer->isApiCall($this->requestStack->getCurrentRequest())) {
            return $csrf;
        }

        return false;
    });
}
```
Thanks for the fork 😄 The problem is indeed the order in which the type extensions are registered. As you load your Moving your But maybe the solution suggested by @HeahDude is also worth looking into 😉
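The two points made above (registration order decides which `setDefaults()` call wins, while a normalizer is applied at resolve time) can be reproduced with the OptionsResolver component alone. This is an added example, not code from the thread or from Symfony; the closures, `apiNormalizer()`, `resolveCsrf()` and the Composer autoload path are hypothetical stand-ins for the real extensions and project layout.

```php
<?php
use Symfony\Component\OptionsResolver\Options;
use Symfony\Component\OptionsResolver\OptionsResolver;

// Assumption: symfony/options-resolver is installed via Composer in this directory.
require __DIR__.'/vendor/autoload.php';

// Stand-in for FormTypeCsrfExtension: registers the framework-wide default.
$csrfExtension = function (OptionsResolver $resolver) {
    $resolver->setDefaults(array('csrf_protection' => true));
};

// Hypothetical API extension, variant A: only sets a default (order dependent).
$apiDefault = function (OptionsResolver $resolver) {
    $resolver->setDefaults(array('csrf_protection' => false));
};

// Variant B: attaches a normalizer. $isApiCall is assumed to be true only for
// stateless API requests (no session-cookie authentication).
function apiNormalizer($isApiCall)
{
    return function (OptionsResolver $resolver) use ($isApiCall) {
        if (!$resolver->isDefined('csrf_protection')) {
            // setNormalizer() throws for undefined options, so define it first.
            $resolver->setDefault('csrf_protection', true);
        }
        $resolver->setNormalizer('csrf_protection', function (Options $options, $csrf) use ($isApiCall) {
            return $isApiCall ? false : $csrf;
        });
    };
}

// Applies the "extensions" in registration order, then resolves the options.
function resolveCsrf(array $extensions, array $options = array())
{
    $resolver = new OptionsResolver();
    foreach ($extensions as $configure) {
        $configure($resolver);
    }
    $resolved = $resolver->resolve($options);

    return $resolved['csrf_protection'];
}

var_dump(resolveCsrf(array($apiDefault, $csrfExtension)));           // default set first, CSRF extension last
var_dump(resolveCsrf(array($csrfExtension, $apiDefault)));           // same defaults, opposite order
var_dump(resolveCsrf(array(apiNormalizer(true), $csrfExtension)));   // normalizer, API request
var_dump(resolveCsrf(array(apiNormalizer(false), $csrfExtension)));  // normalizer, non-API request
```

The normalizer also sees a value passed explicitly to `resolve()`, so a non-API form keeps whatever the caller asked for while an API call always resolves to `false`.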
…pe extension tags (dmaicher)

This PR was merged into the 3.2-dev branch.

Discussion
----------

[FrameworkBundle] add support for prioritizing form type extension tags

| Q | A |
| ------------- | --- |
| Branch? | "master" |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #19735 |
| License | MIT |
| Doc PR | symfony/symfony-docs#6958 |

This PR proposes to add support for `priority` on `form.type_extension` dependency injection tags to enable sorting/prioritizing form type extensions.

Issue was mentioned here: #19735

Commits
-------

a3db5f0 [FrameworkBundle] add support for prioritizing form type extension tags
Hi,
I've created an extension disabling CSRFTokens. Unfortunately `Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension` is overwriting my `csrf_protection` value. If I comment the line my value is passed to form options and my extension works. While debugging I've changed bool to some string to make sure I see value set by my extension, so I'm pretty sure my extension is ok.
My extension class:
My services.yml:
I've tried to change priority of my extension (to -1000, 1000 and 100000) but it didn't help.