diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
index 55f2bbbbe2ad..ad67705a50af 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -496,6 +496,10 @@ private function registerFormConfiguration(array $config, ContainerBuilder $cont
}
if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
+ if (!$container->hasDefinition('security.csrf.token_generator')) {
+ throw new \LogicException('To use form CSRF protection `framework.csrf_protection` must be enabled.');
+ }
+
$loader->load('form_csrf.xml');
$container->setParameter('form.type_extension.csrf.enabled', true);
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_csrf_disabled.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_csrf_disabled.php
new file mode 100644
index 000000000000..bd482c48de63
--- /dev/null
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_csrf_disabled.php
@@ -0,0 +1,8 @@
+loadFromExtension('framework', [
+ 'csrf_protection' => false,
+ 'form' => [
+ 'csrf_protection' => true,
+ ],
+]);
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml
new file mode 100644
index 000000000000..e2b7167c8423
--- /dev/null
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml
@@ -0,0 +1,17 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_csrf_disabled.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_csrf_disabled.yml
new file mode 100644
index 000000000000..9319019c8641
--- /dev/null
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_csrf_disabled.yml
@@ -0,0 +1,4 @@
+framework:
+ csrf_protection: false
+ form:
+ csrf_protection: true
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
index 5153cdc0fb0c..ef8227165b00 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -84,6 +84,14 @@ public function testFormCsrfProtection()
$this->assertEquals('%form.type_extension.csrf.field_name%', $def->getArgument(2));
}
+ public function testFormCsrfProtectionWithCsrfDisabled()
+ {
+ $this->expectException(\LogicException::class);
+ $this->expectExceptionMessage('To use form CSRF protection `framework.csrf_protection` must be enabled.');
+
+ $this->createContainerFromFile('form_csrf_disabled');
+ }
+
public function testPropertyAccessWithDefaultValue()
{
$container = $this->createContainerFromFile('full');
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy