Enable CSRF protection only when security-csrf is installed

symfony · Nov 20, 2024 · db60967 · db60967
1 parent 8d53c58
commit db60967
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/symfony/framework-bundle/7.2/config/packages/framework.yaml b/symfony/framework-bundle/7.2/config/packages/framework.yaml
@@ -9,8 +9,12 @@ framework:
     #fragments: true
 
     # Enable stateless CSRF protection for forms and logins/logouts
-    form: { csrf_protection: { token_id: submit } }
+    form:
+        csrf_protection:
+            enabled: null
+            token_id: submit
     csrf_protection:
+        enabled: null
         stateless_token_ids: [submit, authenticate, logout]
 
 when@test: