Closed
Description
Hi,
I've created an extension disabling CSRFTokens. Unfortunately Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension is overwriting my csrf_protection value. If I comment the line
'csrf_protection' => $this->defaultEnabled,my value is passed to form options and my extension works. While debugging I've changed bool to some string to make sure I see value set by my extension, so I'm pretty sure my extension is ok.
My extension class:
class DisableCSRFExtensionForRestApi extends AbstractTypeExtension
{
/**
* @var RequestStack
*/
private $requestStack;
/**
* @var RestApiCallRecognizer
*/
private $restApiCallRecognizer;
public function __construct(RequestStack $requestStack, RestApiCallRecognizer $restApiCallRecognizer)
{
$this->requestStack = $requestStack;
$this->restApiCallRecognizer = $restApiCallRecognizer;
}
/**
* @param OptionsResolver $resolver
*/
public function configureOptions(OptionsResolver $resolver)
{
if (!$this->restApiCallRecognizer->isApiCall($this->requestStack->getCurrentRequest())) {
return;
}
$resolver->setDefaults([
'csrf_protection' => false,
]);
}
/**
* @return string
*/
public function getExtendedType()
{
return 'form';
}
}My services.yml:
restapi.form.extension.csrf_disable:
class: AppBundle\Form\Extension\DisableCSRFExtensionForRestApi
arguments: [@request_stack, @restapi.call_recognizer]
tags:
- { name: form.type_extension, extended_type: Symfony\Component\Form\Extension\Core\Type\FormType, alias: form }I've tried to change priority of my extension (to -1000, 1000 and 100000) but it didn't help.