diff --git a/.env.dev b/.env.dev
deleted file mode 100644
index e69de29b..00000000
diff --git a/composer.json b/composer.json
index 8a5547bf..d9e6fa28 100644
--- a/composer.json
+++ b/composer.json
@@ -42,16 +42,16 @@
 "scheb/2fa-trusted-device": "^7.2",
 "stof/doctrine-extensions-bundle": "^1.11",
 "sulu/sulu": "~2.6.6",
- "symfony/config": "^7.1",
- "symfony/dotenv": "^7.1",
+ "symfony/config": "^7.2",
+ "symfony/dotenv": "^7.2",
 "symfony/flex": "^1.17 || ^2.0",
- "symfony/framework-bundle": "^7.1",
- "symfony/mailer": "^7.1",
- "symfony/monolog-bridge": "^7.1",
+ "symfony/framework-bundle": "^7.2",
+ "symfony/mailer": "^7.2",
+ "symfony/monolog-bridge": "^7.2",
 "symfony/monolog-bundle": "^3.4",
- "symfony/runtime": "^7.1",
- "symfony/security-bundle": "^7.1",
- "symfony/twig-bundle": "^7.1"
+ "symfony/runtime": "^7.2",
+ "symfony/security-bundle": "^7.2",
+ "symfony/twig-bundle": "^7.2"
 },
 "require-dev": {
 "jangregor/phpstan-prophecy": "^1.0",
@@ -66,13 +66,13 @@
 "phpunit/phpunit": "^9.6",
 "rector/rector": "^1.0",
 "sulu/sulu-rector": "^1.0",
- "symfony/browser-kit": "^7.1",
- "symfony/css-selector": "^7.1",
- "symfony/debug-bundle": "^7.1",
- "symfony/error-handler": "^7.1",
- "symfony/phpunit-bridge": "^7.1",
+ "symfony/browser-kit": "^7.2",
+ "symfony/css-selector": "^7.2",
+ "symfony/debug-bundle": "^7.2",
+ "symfony/error-handler": "^7.2",
+ "symfony/phpunit-bridge": "^7.2",
 "symfony/thanks": "^1.2",
- "symfony/web-profiler-bundle": "^7.1",
+ "symfony/web-profiler-bundle": "^7.2",
 "thecodingmachine/phpstan-strict-rules": "^1.0",
 "vincentlanglet/twig-cs-fixer": "^3.0"
 },
@@ -203,7 +203,7 @@
 "extra": {
 "symfony": {
 "allow-contrib": true,
- "require": "7.1.*"
+ "require": "7.2.*"
 }
 }
 }
diff --git a/config/packages/csrf.yaml b/config/packages/csrf.yaml
new file mode 100644
index 00000000..e723308a
--- /dev/null
+++ b/config/packages/csrf.yaml
@@ -0,0 +1,11 @@
+# Enable stateless CSRF protection for forms and logins/logouts
+framework:
+ form:
+# csrf_protection:
+# token_id: submit
+#
+# csrf_protection:
+# stateless_token_ids:
+# - submit
+# - authenticate
+# - logout
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index f3f438ea..8748117d 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -1,8 +1,7 @@
 # see https://symfony.com/doc/current/reference/configuration/framework.html
 framework:
 secret: '%env(APP_SECRET)%'
- #csrf_protection: true
- http_method_override: true # enable also in the index.php
+ http_method_override: true # enabled also in the index.php
 # Enables session support. Note that the session will ONLY be started if you read or write from it.
 # Remove or comment this section to explicitly disable session support.
diff --git a/symfony.lock b/symfony.lock
index 30ffda1c..1701d609 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -212,13 +212,25 @@
 ".env.dev"
 ]
 },
+ "symfony/form": {
+ "version": "7.2",
+ "recipe": {
+ "repo": "github.com/symfony/recipes",
+ "branch": "main",
+ "version": "7.2",
+ "ref": "7d86a6723f4a623f59e2bf966b6aad2fc461d36b"
+ },
+ "files": [
+ "config/packages/csrf.yaml"
+ ]
+ },
 "symfony/framework-bundle": {
- "version": "7.1",
+ "version": "7.2",
 "recipe": {
 "repo": "github.com/symfony/recipes",
 "branch": "main",
- "version": "7.0",
- "ref": "6356c19b9ae08e7763e4ba2d9ae63043efc75db5"
+ "version": "7.2",
+ "ref": "87bcf6f7c55201f345d8895deda46d2adbdbaa89"
 },
 "files": [
 "config/packages/cache.yaml",
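Review bot: The header comment in the new config/packages/csrf.yaml promises stateless CSRF protection for forms and logins/logouts, but every setting line below it is commented out, so the file as committed declares only `framework:` and a `form:` key that appears to have no children (indentation is not visible in this view, so that is inferred). A reader auditing the CSRF posture will take the first line at face value. Either restore the recipe's `csrf_protection` / `stateless_token_ids` entries, or replace the header with a comment that states the actual situation, for example `# Stateless CSRF settings from the symfony/form 7.2 recipe are left disabled: <reason>`. The framework.yaml hunk in this commit also drops the `#csrf_protection: true` hint, so after the change no config file states the CSRF policy explicitly. The effective values are worth confirming with `bin/console debug:config framework` before merging.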