symfony: Regression in Form extension since 3.2

Since Symfony 3.2 RC 1, I see a regression in my web app: I have a form extension that disable csrf-protection on the /yolo/* routes:

use Symfony\Component\Form\AbstractTypeExtension;
use Symfony\Component\Form\Extension\Core\Type\FormType;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\OptionsResolver\OptionsResolver;

class YoloCsrfDisablerExtension extends AbstractTypeExtension
{
    private $requestStack;

    public function __construct(RequestStack $requestStack)
    {
        $this->requestStack = $requestStack;
    }

    public function configureOptions(OptionsResolver $resolver)
    {
        $request = $this->requestStack->getCurrentRequest();

        if (null === $request) {
            return;
        }

        if (0 !== strpos($request->getPathInfo(), '/yolo/')) {
            return;
        }

        $resolver->setDefaults([
            'csrf_protection' => false,
        ]);
    }

    public function getExtendedType()
    {
        return FormType::class;
    }
}

Prior to Symfony 3.2, when I submitted a form that failed on validation, errors returned by the form submission returned something like: The value should not be blank.

Since Symfony 3.2, even if the form extension is enabled, I now got two errors: The value should not be blank and The CSRF token is invalid. Please try to resubmit the form. that should not appear since the option is disabled with my extension

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 15 (15 by maintainers)

Commits related to this issue

Most upvoted comments

Is this php7 only? Php7 uses non stable sorting algos, on the contrary to php5. If this is a BC break, it has to be fixed. The fact that the fix might break newest apps is not a reason to accept the break.

+1
nicolas-grekas on Dec 19, 2016
Read more comments on GitHub
← symfony: Reduce the perceived complexity of the security component
symfony: Regression in Symfony Yaml Parser →