sulu · alexander-schranz · Feb 5, 2025 · Dec 9, 2024 · Dec 9, 2024 · Jan 9, 2025
diff --git a/.env.dev b/.env.dev
diff --git a/composer.json b/composer.json
@@ -42,16 +42,16 @@
         "scheb/2fa-trusted-device": "^7.2",
         "stof/doctrine-extensions-bundle": "^1.11",
         "sulu/sulu": "~2.6.6",
-        "symfony/config": "^7.1",
-        "symfony/dotenv": "^7.1",
+        "symfony/config": "^7.2",
+        "symfony/dotenv": "^7.2",
         "symfony/flex": "^1.17 || ^2.0",
-        "symfony/framework-bundle": "^7.1",
-        "symfony/mailer": "^7.1",
-        "symfony/monolog-bridge": "^7.1",
+        "symfony/framework-bundle": "^7.2",
+        "symfony/mailer": "^7.2",
+        "symfony/monolog-bridge": "^7.2",
         "symfony/monolog-bundle": "^3.4",
-        "symfony/runtime": "^7.1",
-        "symfony/security-bundle": "^7.1",
-        "symfony/twig-bundle": "^7.1"
+        "symfony/runtime": "^7.2",
+        "symfony/security-bundle": "^7.2",
+        "symfony/twig-bundle": "^7.2"
     },
     "require-dev": {
         "jangregor/phpstan-prophecy": "^1.0",
@@ -66,13 +66,13 @@
         "phpunit/phpunit": "^9.6",
         "rector/rector": "^1.0",
         "sulu/sulu-rector": "^1.0",
-        "symfony/browser-kit": "^7.1",
-        "symfony/css-selector": "^7.1",
-        "symfony/debug-bundle": "^7.1",
-        "symfony/error-handler": "^7.1",
-        "symfony/phpunit-bridge": "^7.1",
+        "symfony/browser-kit": "^7.2",
+        "symfony/css-selector": "^7.2",
+        "symfony/debug-bundle": "^7.2",
+        "symfony/error-handler": "^7.2",
+        "symfony/phpunit-bridge": "^7.2",
         "symfony/thanks": "^1.2",
-        "symfony/web-profiler-bundle": "^7.1",
+        "symfony/web-profiler-bundle": "^7.2",
         "thecodingmachine/phpstan-strict-rules": "^1.0",
         "vincentlanglet/twig-cs-fixer": "^3.0"
     },
@@ -203,7 +203,7 @@
     "extra": {
         "symfony": {
             "allow-contrib": true,
-            "require": "7.1.*"
+            "require": "7.2.*"
         }
     }
 }
diff --git a/config/packages/csrf.yaml b/config/packages/csrf.yaml
@@ -0,0 +1,11 @@
+# Enable stateless CSRF protection for forms and logins/logouts
+framework:
+    form:
+#        csrf_protection:
+#            token_id: submit
+#
+#    csrf_protection:
+#        stateless_token_ids:
+#            - submit
+#            - authenticate
+#            - logout
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
@@ -1,8 +1,7 @@
 # see https://symfony.com/doc/current/reference/configuration/framework.html
 framework:
     secret: '%env(APP_SECRET)%'
-    #csrf_protection: true
-    http_method_override: true # enable also in the index.php
+    http_method_override: true # enabled also in the index.php
 
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.

diff --git a/symfony.lock b/symfony.lock
@@ -212,6 +212,18 @@
             ".env.dev"
         ]
     },
+    "symfony/form": {
+        "version": "7.2",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "7.2",
+            "ref": "7d86a6723f4a623f59e2bf966b6aad2fc461d36b"
+        },
+        "files": [
+            "config/packages/csrf.yaml"
+        ]
+    },
     "symfony/framework-bundle": {
         "version": "7.1",
         "recipe": {