diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index 9445f1c0..6843a177 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -28,6 +28,11 @@ framework:
 #esi: true
 #fragments: true
+
+ form: { csrf_protection: { token_id: 'submit' } }
+ csrf_protection:
+ stateless_token_ids: ['submit', 'authenticate', 'logout']
+
 when@test:
 framework:
 test: true
diff --git a/config/packages/ux_turbo.yaml b/config/packages/ux_turbo.yaml
new file mode 100644
index 00000000..c2a6a44e
--- /dev/null
+++ b/config/packages/ux_turbo.yaml
@@ -0,0 +1,4 @@
+# Enable stateless CSRF protection for forms and logins/logouts
+framework:
+ csrf_protection:
+ check_header: true
diff --git a/symfony.lock b/symfony.lock
index 3a615cd6..df55764d 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -748,13 +748,16 @@
 ]
 },
 "symfony/ux-turbo": {
- "version": "2.27",
+ "version": "2.28",
 "recipe": {
 "repo": "github.com/symfony/recipes",
 "branch": "main",
 "version": "2.20",
- "ref": "e4b951d7de760751e170c6d2e3b565cf9ed5182f"
- }
+ "ref": "287f7c6eb6e9b65e422d34c00795b360a787380b"
+ },
+ "files": [
+ "config/packages/ux_turbo.yaml"
+ ]
 },
 "symfony/validator": {
 "version": "7.3",
diff --git a/templates/security/login.html.twig b/templates/security/login.html.twig
index aab566d2..b8a0df1d 100644
--- a/templates/security/login.html.twig
+++ b/templates/security/login.html.twig
@@ -22,8 +22,7 @@ {% block card_content %}
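Review bot: Nothing in the added `csrf_protection` block of config/packages/framework.yaml records that the `submit`, `authenticate` and `logout` token ids stop being validated against the session once they are listed in `stateless_token_ids`. As far as I know, Symfony then validates them through a same-origin check (Origin/Referer) with a double-submit cookie as the fallback. If the app runs behind a reverse proxy, it is worth confirming that trusted proxies and hosts are configured so the origin comparison sees the public scheme and host. I would add a comment above the block such as `# Stateless CSRF: these ids are checked via Origin/Referer or double-submit, not the session; ids not listed here stay session-based`. I would also write `form:` in block style rather than as nested flow mappings, so that later changes to it diff cleanly.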
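Review bot: The header comment in the new config/packages/ux_turbo.yaml says the file enables stateless CSRF protection, but the only key it sets is `check_header: true`; the stateless token ids themselves are declared in framework.yaml. A reader auditing the CSRF setup could conclude that removing this file disables protection, or miss that the protection is split across two files. I would reword the comment to something like `# Also require the CSRF token in a request header for the stateless token ids declared in framework.yaml`. That wording assumes `check_header` behaves as the Symfony reference describes, which should be checked against the installed version.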
- + @@ -72,4 +71,4 @@ {% if allow_email_pw_reset %} {% trans %}pw_reset.password_forget{% endtrans %} {% endif %} -{% endblock %} \ No newline at end of file +{% endblock %}