Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add block prefix to csrf token field #29862

Merged
merged 1 commit into from Jan 16, 2019

Conversation

Projects
None yet
6 participants
@alexander-schranz
Copy link
Contributor

commented Jan 12, 2019

Q A
Branch? master
Bug fix? no
New feature? yes
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #...
License MIT
Doc PR symfony/symfony-docs#10867

Currently I use the following code snippet to overwrite the token rendering:

{%- block hidden_widget -%}
    {%- if form.vars.name == '_token' -%}
        {{ block('app__token_widget') }}
    {%- else -%}
        {{ block('hidden_widget', 'form_div_layout.html.twig') }}
    {%- endif -%}
{%- endblock hidden_widget -%}

{%- block app__token_widget %}
    {{ render_esi(controller('SuluFormBundle:FormWebsite:token', { 'form': form.parent.vars.name })) }}
{%- endblock app__token_widget -%}

With the change of https://symfony.com/blog/new-in-symfony-4-3-simpler-form-theming this workaround can now be removed and the following can be used:

{%- block token_widget %}
    {{ render_esi(controller('SuluFormBundle:FormWebsite:token', { 'form': form.parent.vars.name })) }}
{%- endblock token_widget -%}
@@ -90,9 +90,10 @@ public function finishView(FormView $view, FormInterface $form, array $options)
$tokenId = $options['csrf_token_id'] ?: ($form->getName() ?: \get_class($form->getConfig()->getType()->getInnerType()));
$data = (string) $options['csrf_token_manager']->getToken($tokenId);
$csrfForm = $factory->createNamed($options['csrf_field_name'], 'Symfony\Component\Form\Extension\Core\Type\HiddenType', $data, array(
$csrfForm = $factory->createNamed($options['csrf_field_name'], 'Symfony\Component\Form\Extension\Core\Type\HiddenType', $data, [
'block_prefix' => 'token',

This comment has been minimized.

Copy link
@javiereguiluz

javiereguiluz Jan 15, 2019

Member

token -> csrf_token ?

@javiereguiluz

This comment has been minimized.

Copy link
Member

commented Jan 15, 2019

This looks nice to me ... but I'd like to ask @HeahDude and @vudaltsov if they can imagine any problem for adding this option unconditionally and for "hardcoding" its value. Thanks!

@HeahDude
Copy link
Member

left a comment

This is a really simple and nice addition, thank you very much!

@fabpot

fabpot approved these changes Jan 16, 2019

@fabpot fabpot force-pushed the alexander-schranz:patch-2 branch from 7f2ede8 to 02bd689 Jan 16, 2019

@fabpot

This comment has been minimized.

Copy link
Member

commented Jan 16, 2019

Thank you @alexander-schranz.

@fabpot fabpot merged commit 02bd689 into symfony:master Jan 16, 2019

1 of 3 checks passed

continuous-integration/appveyor/pr Waiting for AppVeyor build to complete
Details
continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
fabbot.io Your code looks good.
Details

fabpot added a commit that referenced this pull request Jan 16, 2019

feature #29862 Add block prefix to csrf token field (alexander-schranz)
This PR was squashed before being merged into the 4.3-dev branch (closes #29862).

Discussion
----------

Add block prefix to csrf token field

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #...
| License       | MIT
| Doc PR        | symfony/symfony-docs#10867

Currently I use the following code snippet to overwrite the token rendering:

```twig
{%- block hidden_widget -%}
    {%- if form.vars.name == '_token' -%}
        {{ block('app__token_widget') }}
    {%- else -%}
        {{ block('hidden_widget', 'form_div_layout.html.twig') }}
    {%- endif -%}
{%- endblock hidden_widget -%}

{%- block app__token_widget %}
    {{ render_esi(controller('SuluFormBundle:FormWebsite:token', { 'form': form.parent.vars.name })) }}
{%- endblock app__token_widget -%}
```

With the change of https://symfony.com/blog/new-in-symfony-4-3-simpler-form-theming this workaround can now be removed and the following can be used:

```twig
{%- block token_widget %}
    {{ render_esi(controller('SuluFormBundle:FormWebsite:token', { 'form': form.parent.vars.name })) }}
{%- endblock token_widget -%}
```

Commits
-------

02bd689 Add block prefix to csrf token field

@alexander-schranz alexander-schranz deleted the alexander-schranz:patch-2 branch Jan 16, 2019

@fabpot fabpot referenced this pull request May 9, 2019

Merged

Release v4.3.0-BETA1 #31435

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.