[SecurityBundle] Rename firewalls.logout.csrf_token_generator to firewalls.logout.csrf_token_manager
#48387
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hey! I think @TimoBakx has recently worked with this code. Maybe they can help review this? Cheers! Carsonbot |
90e4d48 to
5f56da3
Compare
fabpot
approved these changes
Dec 22, 2022
…irewalls.logout.csrf_token_manager`
5f56da3 to
0a0a98a
Compare
|
Thank you @MatTheCat. |
stof
reviewed
Dec 22, 2022
| @@ -60,4 +60,5 @@ SecurityBundle | |||
| Validator | |||
| -------------- | |||
|
|
|||
| * Implementing the `ConstraintViolationInterface` without implementing the `getConstraint()` method is deprecated | |||
| * Implementing the `ConstraintViolationInterface` without implementing the `getConstraint()` method is deprecated | |||
| * Deprecate the `security.firewalls.logout.csrf_token_generator` config option, use `security.firewalls.logout.csrf_token_manager` instead | |||
There was a problem hiding this comment.
this should not be in the Validator section
OskarStark
added a commit
to symfony/symfony-docs
that referenced
this pull request
Jan 30, 2023
…csrf_token_manager` (MatTheCat) This PR was squashed before being merged into the 6.3 branch. Discussion ---------- [Security] Rename logout’s `csrf_token_generator` to `csrf_token_manager` Follow-up of symfony/symfony#48387 Should I still mention the deprecated `csrf_token_generator` in the documentation? If yes, how? Commits ------- ced6562 [Security] Rename logout’s `csrf_token_generator` to `csrf_token_manager`
Merged
nicolas-grekas
added a commit
that referenced
this pull request
Jul 21, 2023
… to XSD (HeahDude) This PR was merged into the 6.3 branch. Discussion ---------- [SecurityBundle] Add `firewalls.logout.csrf_token_manager` to XSD | Q | A | ------------- | --- | Branch? | 6.3 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | ~ | License | MIT | Doc PR | ~ The XSD has been missed in #48387. Commits ------- 742e5c2 [SecurityBundle] Add `firewalls.logout.csrf_token_manager` to XSD
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A long time ago, #6554 replaced
CsrfProviderInterfacebyCsrfTokenGeneratorInterface, and #9216 split the latter intoCsrfTokenManagerInterfaceandTokenGeneratorInterface. #9587 later introducedcsrf_token_generator, which was already wrong at the time.Given that token generators exist, it feels weird to have to set
csrf_token_generatortosecurity.csrf.token_manageras mentioned in the documentation.As this confusion recently led to #48339, I propose to rename
firewalls.logout.csrf_token_generatortofirewalls.logout.csrf_token_manager.