diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
index 9754cb07801f7..678698f4d0747 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -237,12 +237,8 @@ private function addFormSection(ArrayNodeDefinition $rootNode, callable $enableI
->children()
->arrayNode('form')
->info('Form configuration')
- ->treatFalseLike(['enabled' => false])
- ->treatTrueLike(['enabled' => true])
- ->treatNullLike(['enabled' => true])
- ->addDefaultsIfNotSet()
+ ->{$enableIfStandalone('symfony/form', Form::class)}()
->children()
- ->scalarNode('enabled')->defaultNull()->end() // defaults to !class_exists(FullStack::class) && class_exists(Form::class)
->arrayNode('csrf_protection')
->treatFalseLike(['enabled' => false])
->treatTrueLike(['enabled' => true])
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
index 73101912a4387..3febd6337bae9 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -278,19 +278,6 @@ public function load(array $configs, ContainerBuilder $container): void
$this->readConfigEnabled('profiler', $container, $config['profiler']);
$this->readConfigEnabled('workflows', $container, $config['workflows']);
- // csrf depends on session or stateless token ids being registered
- if (null === $config['csrf_protection']['enabled']) {
- $this->writeConfigEnabled('csrf_protection', ($config['csrf_protection']['stateless_token_ids'] || $this->readConfigEnabled('session', $container, $config['session'])) && !class_exists(FullStack::class) && ContainerBuilder::willBeAvailable('symfony/security-csrf', CsrfTokenManagerInterface::class, ['symfony/framework-bundle']), $config['csrf_protection']);
- }
-
- if (null === $config['form']['enabled']) {
- $this->writeConfigEnabled('form', !class_exists(FullStack::class) && ContainerBuilder::willBeAvailable('symfony/form', Form::class, ['symfony/framework-bundle']), $config['form']);
- }
-
- if (null === $config['form']['csrf_protection']['enabled']) {
- $this->writeConfigEnabled('form.csrf_protection', $config['csrf_protection']['enabled'], $config['form']['csrf_protection']);
- }
-
// A translator must always be registered (as support is included by
// default in the Form and Validator component). If disabled, an identity
// translator will be used and everything will still work as expected.
@@ -479,6 +466,10 @@ public function load(array $configs, ContainerBuilder $container): void
$container->removeDefinition('test.session.listener');
}
+ // csrf depends on session or stateless token ids being registered
+ if (null === $config['csrf_protection']['enabled']) {
+ $this->writeConfigEnabled('csrf_protection', ($config['csrf_protection']['stateless_token_ids'] || $this->readConfigEnabled('session', $container, $config['session'])) && !class_exists(FullStack::class) && ContainerBuilder::willBeAvailable('symfony/security-csrf', CsrfTokenManagerInterface::class, ['symfony/framework-bundle']), $config['csrf_protection']);
+ }
$this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
// form depends on csrf being registered
@@ -763,6 +754,10 @@ private function registerFormConfiguration(array $config, ContainerBuilder $cont
{
$loader->load('form.php');
+ if (null === $config['form']['csrf_protection']['enabled']) {
+ $this->writeConfigEnabled('form.csrf_protection', $config['csrf_protection']['enabled'], $config['form']['csrf_protection']);
+ }
+
if ($this->readConfigEnabled('form.csrf_protection', $container, $config['form']['csrf_protection'])) {
if (!$container->hasDefinition('security.csrf.token_generator')) {
throw new \LogicException('To use form CSRF protection, "framework.csrf_protection" must be enabled.');
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_csrf_disabled.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_csrf_disabled.php
index 809b40be49179..9814986093c6c 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_csrf_disabled.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_csrf_disabled.php
@@ -4,7 +4,6 @@
'annotations' => false,
'csrf_protection' => false,
'form' => [
- 'enabled' => true,
'csrf_protection' => true,
],
'http_method_override' => false,
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_no_csrf.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_no_csrf.php
index 5c63ed0682e79..7c052c9ffd28f 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_no_csrf.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_no_csrf.php
@@ -6,7 +6,6 @@
'handle_all_throwables' => true,
'php_errors' => ['log' => true],
'form' => [
- 'enabled' => true,
'csrf_protection' => [
'enabled' => false,
],
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
index a728a44838b77..0a32ce8b36434 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
@@ -6,7 +6,6 @@
'enabled_locales' => ['fr', 'en'],
'csrf_protection' => true,
'form' => [
- 'enabled' => true,
'csrf_protection' => [
'field_name' => '_csrf',
],
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml
index ec97dcdd942d3..fdd02be876357 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml
@@ -12,7 +12,7 @@
-
+
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_no_csrf.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_no_csrf.xml
index da8ed8b98891a..de14181087a13 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_no_csrf.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_no_csrf.xml
@@ -9,7 +9,7 @@
-
+
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
index 0957d0cff0dce..c01e857838bc3 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
@@ -10,7 +10,7 @@
fr
en
-
+
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_csrf_disabled.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_csrf_disabled.yml
index 36987869f2302..20350c9e8f2c3 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_csrf_disabled.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_csrf_disabled.yml
@@ -2,7 +2,6 @@ framework:
annotations: false
csrf_protection: false
form:
- enabled: true
csrf_protection: true
http_method_override: false
handle_all_throwables: true
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_no_csrf.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_no_csrf.yml
index 74ee41091f710..a86432f8d5a0b 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_no_csrf.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_no_csrf.yml
@@ -5,6 +5,5 @@ framework:
php_errors:
log: true
form:
- enabled: true
csrf_protection:
enabled: false
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
index f70458a6cd097..7550749eb1a1e 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
@@ -4,7 +4,6 @@ framework:
enabled_locales: ['fr', 'en']
csrf_protection: true
form:
- enabled: true
csrf_protection:
field_name: _csrf
http_method_override: false