Skip to content

[FrameworkBundle] Disable the keys normalization of the CSRF form field attributes #59829

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

Conversation

sukei
Copy link
Contributor

@sukei sukei commented Feb 21, 2025

Q A
Branch? 7.2
Bug fix? yes
New feature? no
Deprecations? no
Issues
License MIT

The form.csrf_protection.field_attr configuration node value should remain as-is when defined. The default behavior of the configuration component is to normalize keys, but in that specific cases, keys becomes HTML attributes and therefore should not be changed. This commit fix that behaviour for the specific node.

Given

framework:
    form:
        csrf_protection:
            field_attr: { 'data-example-attr': 'value }

Before this patch

['field_attr' = ['data_example_attr' => 'value']]

After this patch

['field_attr' = ['data-example-attr' => 'value']]

…ld attributes

The form.csrf_protection.field_attr configuration node value should remain as-is when defined. The default behavior of the configuration component is to normalize keys, but in that specific cases, keys becomes HTML attributes and therefore should not be changed. This commit fix that behaviour for the specific node.
@carsonbot
Copy link

Hey!

Thanks for your PR. You are targeting branch "7.3" but it seems your PR description refers to branch "7.2".
Could you update the PR description or change target branch? This helps core maintainers a lot.

Cheers!

Carsonbot

@sukei sukei changed the base branch from 7.3 to 7.2 February 21, 2025 13:49
@nicolas-grekas nicolas-grekas modified the milestones: 7.3, 7.2 Feb 24, 2025
@nicolas-grekas
Copy link
Member

Thank you @sukei.

@nicolas-grekas nicolas-grekas merged commit b7a8ab3 into symfony:7.2 Feb 24, 2025
10 of 11 checks passed
@fabpot fabpot mentioned this pull request Feb 26, 2025
renovate bot added a commit to Runroom/archetype-symfony that referenced this pull request Feb 28, 2025
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [symfony/framework-bundle](https://symfony.com)
([source](https://redirect.github.com/symfony/framework-bundle)) |
`7.2.3` -> `7.2.4` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fframework-bundle/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fframework-bundle/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fframework-bundle/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fframework-bundle/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/messenger](https://symfony.com)
([source](https://redirect.github.com/symfony/messenger)) | `7.2.3` ->
`7.2.4` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fmessenger/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fmessenger/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fmessenger/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fmessenger/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/stopwatch](https://symfony.com)
([source](https://redirect.github.com/symfony/stopwatch)) | `7.2.2` ->
`7.2.4` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fstopwatch/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fstopwatch/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fstopwatch/7.2.2/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fstopwatch/7.2.2/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/web-profiler-bundle](https://symfony.com)
([source](https://redirect.github.com/symfony/web-profiler-bundle)) |
`7.2.3` -> `7.2.4` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fweb-profiler-bundle/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fweb-profiler-bundle/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fweb-profiler-bundle/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fweb-profiler-bundle/7.2.3/7.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>symfony/framework-bundle (symfony/framework-bundle)</summary>

###
[`v7.2.4`](https://redirect.github.com/symfony/framework-bundle/releases/tag/v7.2.4)

[Compare
Source](https://redirect.github.com/symfony/framework-bundle/compare/v7.2.3...v7.2.4)

**Changelog**
(symfony/framework-bundle@v7.2.3...v7.2.4)

- bug
[symfony/symfony#59198](https://redirect.github.com/symfony/symfony/issues/59198)
\[Messenger] Filter out non-consumable receivers when registering
`ConsumeMessagesCommand` (@&#8203;wazum)
- bug
[symfony/symfony#59781](https://redirect.github.com/symfony/symfony/issues/59781)
\[Mailer] fix multiple transports default injection
([@&#8203;fkropfhamer](https://redirect.github.com/fkropfhamer))
- bug
[symfony/symfony#59829](https://redirect.github.com/symfony/symfony/issues/59829)
\[FrameworkBundle] Disable the keys normalization of the CSRF form field
attributes ([@&#8203;sukei](https://redirect.github.com/sukei))
- bug
[symfony/symfony#59728](https://redirect.github.com/symfony/symfony/issues/59728)
\[Form]\[FrameworkBundle] Use auto-configuration to make the default
CSRF token id apply only to the app; not to bundles
([@&#8203;nicolas-grekas](https://redirect.github.com/nicolas-grekas))

</details>

<details>
<summary>symfony/messenger (symfony/messenger)</summary>

###
[`v7.2.4`](https://redirect.github.com/symfony/messenger/releases/tag/v7.2.4)

[Compare
Source](https://redirect.github.com/symfony/messenger/compare/v7.2.3...v7.2.4)

**Changelog**
(symfony/messenger@v7.2.3...v7.2.4)

- bug
[symfony/symfony#59198](https://redirect.github.com/symfony/symfony/issues/59198)
\[Messenger] Filter out non-consumable receivers when registering
`ConsumeMessagesCommand` (@&#8203;wazum)

</details>

<details>
<summary>symfony/stopwatch (symfony/stopwatch)</summary>

###
[`v7.2.4`](https://redirect.github.com/symfony/stopwatch/releases/tag/v7.2.4)

[Compare
Source](https://redirect.github.com/symfony/stopwatch/compare/v7.2.2...v7.2.4)

**Changelog**
(symfony/stopwatch@v7.2.3...v7.2.4)

-   no significant changes

</details>

<details>
<summary>symfony/web-profiler-bundle
(symfony/web-profiler-bundle)</summary>

###
[`v7.2.4`](https://redirect.github.com/symfony/web-profiler-bundle/releases/tag/v7.2.4)

[Compare
Source](https://redirect.github.com/symfony/web-profiler-bundle/compare/v7.2.3...v7.2.4)

**Changelog**
(symfony/web-profiler-bundle@v7.2.3...v7.2.4)

- bug
[symfony/symfony#59776](https://redirect.github.com/symfony/symfony/issues/59776)
\[WebProfilerBundle] fix rendering notifier message options
([@&#8203;xabbuh](https://redirect.github.com/xabbuh))
- bug
[symfony/symfony#59033](https://redirect.github.com/symfony/symfony/issues/59033)
\[WebProfilerBundle] Fix interception for non conventional redirects
([@&#8203;Huluti](https://redirect.github.com/Huluti))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/Runroom/archetype-symfony).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNzYuMiIsInVwZGF0ZWRJblZlciI6IjM5LjE3Ni4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants