groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-06 02:59:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed login CSFR token error
Some checks failed
Build assets artifact / Build assets artifact (push) Has been cancelled
Details
Docker Image Build / docker (push) Has been cancelled
Details
Docker Image Build (FrankenPHP) / docker (push) Has been cancelled
Details
Static analysis / Static analysis (push) Has been cancelled
Details
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, mysql) (push) Has been cancelled
Details
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, mysql) (push) Has been cancelled
Details
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, mysql) (push) Has been cancelled
Details
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, postgres) (push) Has been cancelled
Details
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, postgres) (push) Has been cancelled
Details
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, postgres) (push) Has been cancelled
Details
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, sqlite) (push) Has been cancelled
Details
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, sqlite) (push) Has been cancelled
Details
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, sqlite) (push) Has been cancelled
Details

Browse source
This commit is contained in:
Jan Böhmer 2025-08-04 23:50:25 +02:00
parent c834058678
commit 247fed7d74
4 changed files with 17 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

5
config/packages/framework.yaml
View file

@ -28,6 +28,11 @@ framework:
#esi: true #esi: true
#fragments: true #fragments: true
form: { csrf_protection: { token_id: 'submit' } }
csrf_protection:
stateless_token_ids: ['submit', 'authenticate', 'logout']
when@test: when@test:
framework: framework:
test: true test: true

4
config/packages/ux_turbo.yaml Normal file
View file

@ -0,0 +1,4 @@
# Enable stateless CSRF protection for forms and logins/logouts
framework:
csrf_protection:
check_header: true

9
symfony.lock
View file

@ -748,13 +748,16 @@
] ]
}, },
"symfony/ux-turbo": { "symfony/ux-turbo": {
"version": "2.27", "version": "2.28",
"recipe": { "recipe": {
"repo": "github.com/symfony/recipes", "repo": "github.com/symfony/recipes",
"branch": "main", "branch": "main",
"version": "2.20", "version": "2.20",
"ref": "e4b951d7de760751e170c6d2e3b565cf9ed5182f" "ref": "287f7c6eb6e9b65e422d34c00795b360a787380b"
} },
"files": [
"config/packages/ux_turbo.yaml"
]
}, },
"symfony/validator": { "symfony/validator": {
"version": "7.3", "version": "7.3",

5
templates/security/login.html.twig
View file

@ -22,8 +22,7 @@
{% block card_content %} {% block card_content %}
<form action="{{ path('login') }}" method="post" data-turbo="false" class="form-horizontal"> <form action="{{ path('login') }}" method="post" data-turbo="false" class="form-horizontal">
<input type="hidden" name="_csrf_token" <input type="hidden" name="_csrf_token" data-controller="csrf-protection" value="{{ csrf_token('authenticate') }}">
value="{{ csrf_token('authenticate') }}">
<input type="hidden" name="_target_path" value="{{ app.request.query.get('_target_path') }}" /> <input type="hidden" name="_target_path" value="{{ app.request.query.get('_target_path') }}" />
@ -72,4 +71,4 @@
{% if allow_email_pw_reset %} {% if allow_email_pw_reset %}
<a class="offset-sm-2" href="{{ path('pw_reset_request') }}">{% trans %}pw_reset.password_forget{% endtrans %}</a> <a class="offset-sm-2" href="{{ path('pw_reset_request') }}">{% trans %}pw_reset.password_forget{% endtrans %}</a>
{% endif %} {% endif %}
{% endblock %} {% endblock %}