Fix csrf-tokens

2025-04-21 14:09:02 +02:00
parent 4863fad3ba
commit acd85bfc2b
6 changed files with 11 additions and 16 deletions


@@ -25,6 +25,7 @@
"symfony/mailer": "7.2.*", "symfony/mailer": "7.2.*",
"symfony/runtime": "7.2.*", "symfony/runtime": "7.2.*",
"symfony/security-bundle": "7.2.*", "symfony/security-bundle": "7.2.*",
"symfony/security-csrf": "7.2.*",
"symfony/twig-bundle": "7.2.*", "symfony/twig-bundle": "7.2.*",
"symfony/uid": "7.2.*", "symfony/uid": "7.2.*",
"symfony/yaml": "7.2.*", "symfony/yaml": "7.2.*",

composer.lock generated

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "004d85a41be91c2fbf8264e757a53a9e", "content-hash": "ee8228c69be95e84852d15ba67d0920e",
"packages": [ "packages": [
{ {
"name": "doctrine/collections", "name": "doctrine/collections",


@@ -1,11 +0,0 @@
# Enable stateless CSRF protection for forms and logins/logouts
framework:
form:
csrf_protection:
token_id: submit
csrf_protection:
stateless_token_ids:
- submit
- authenticate
- logout


@@ -4,7 +4,9 @@ framework:
# Note that the session will be started ONLY if you read or write from it. # Note that the session will be started ONLY if you read or write from it.
session: true session: true
form:
csrf_protection:
enabled: true
#esi: true #esi: true
#fragments: true #fragments: true
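Review bot: The new `form.csrf_protection.enabled: true` block inserted after `session: true` carries no comment explaining that this commit moves CSRF handling from the stateless `stateless_token_ids` setup (deleted in the same commit) to session-backed tokens, which is the one thing a later maintainer reading this file will want to know. A one-line comment above `form:` such as `# Session-backed CSRF tokens for forms; replaces the stateless token_id/stateless_token_ids config` would capture that. With `symfony/security-csrf` now required in composer.json, the framework enables form CSRF protection by default as far as I recall, so the explicit `enabled: true` is harmless but serves mainly to document intent. The `framework:` mapping starts and ends outside the hunk.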


@@ -15,15 +15,17 @@
<input type="email" value="{{ last_username }}" name="_username" id="username" class="form-control" <input type="email" value="{{ last_username }}" name="_username" id="username" class="form-control"
autocomplete="email" required autofocus> autocomplete="email" required autofocus>
</div> </div>
<div class="mb-3"> <div class="mb-3">
<label for="password" class="form-label">{{ 'Password'|trans }}</label> <label for="password" class="form-label">{{ 'Password'|trans }}</label>
<input type="password" name="_password" id="password" class="form-control" <input type="password" name="_password" id="password" class="form-control"
autocomplete="current-password" autocomplete="current-password"
required> required>
</div> </div>
<input type="hidden" name="_csrf_token"
value="{{ csrf_token('authenticate') }}" <input type="hidden" name="_csrf_token" data-controller="csrf-protection"
> value="{{ csrf_token('authenticate') }}">
<div class="mb-3 form-check"> <div class="mb-3 form-check">
<input type="checkbox" name="_remember_me" id="_remember_me" class="form-check-input"> <input type="checkbox" name="_remember_me" id="_remember_me" class="form-check-input">
<label for="_remember_me" class="form-check-label">{{ 'Remember me'|trans }}</label> <label for="_remember_me" class="form-check-label">{{ 'Remember me'|trans }}</label>
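Review bot: The `data-controller="csrf-protection"` attribute added to the `_csrf_token` hidden input belongs to the stateless double-submit-cookie flow, while this same commit deletes the config that listed `authenticate` in `stateless_token_ids`; as far as I recall the Stimulus controller only rewrites values that look like a bare token id, so with a session-backed `csrf_token('authenticate')` it leaves the value alone and the attribute is dead, or the two halves of the change disagree. If session-backed tokens are the intent, drop the attribute and keep `<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">`; if stateless tokens are the intent, `authenticate` needs to stay in `framework.csrf_protection.stateless_token_ids`. Either way, it is worth confirming that the `form_login` firewall in security.yaml still has `enable_csrf: true` with the `authenticate` token id, since that is what actually validates this field and is not visible here. The `<form>` element opens and closes outside the hunk.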


@@ -2,6 +2,7 @@
{% block body %} {% block body %}
{{ question.question }}<br/> {{ question.question }}<br/>
<form method="post"> <form method="post">
<input type="hidden" name="token" value="{{ csrf_token('question') }}">
{% for answer in question.answers %} {% for answer in question.answers %}
<div> <div>
<button class="btn btn-outline-success" <button class="btn btn-outline-success"
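Review bot: The new hidden input renders `csrf_token('question')`, but nothing in this commit shows the answer handler checking it; a token that is emitted but never verified with `isCsrfTokenValid('question', ...)` against the submitted `token` field gives the form no protection, so the validating controller change should either be part of this commit or be confirmed to exist. As a point of style, the field name `token` differs from both the `_csrf_token` used by the login form in this same commit and the `_token` name Symfony forms use by default; picking one of those keeps the templates consistent and makes the server-side lookup easier to grep. The `<form>` element and the `{% for %}` loop close outside the hunk.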