From db60967538238bc50cd875232cbf611e0711fc1e Mon Sep 17 00:00:00 2001
From: Nicolas Grekas <nicolas.grekas@gmail.com>
Date: Wed, 20 Nov 2024 09:52:19 +0100
Subject: [PATCH] Enable CSRF protection only when security-csrf is installed

---
 symfony/framework-bundle/7.2/config/packages/framework.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/symfony/framework-bundle/7.2/config/packages/framework.yaml b/symfony/framework-bundle/7.2/config/packages/framework.yaml
index b4c42bd18..ebc57fb18 100644
--- a/symfony/framework-bundle/7.2/config/packages/framework.yaml
+++ b/symfony/framework-bundle/7.2/config/packages/framework.yaml
@@ -9,8 +9,12 @@ framework:
     #fragments: true
 
     # Enable stateless CSRF protection for forms and logins/logouts
-    form: { csrf_protection: { token_id: submit } }
+    form:
+        csrf_protection:
+            enabled: null
+            token_id: submit
     csrf_protection:
+        enabled: null
         stateless_token_ids: [submit, authenticate, logout]
 
 when@test: