Disable CSRF extension overwritten by Symfony's own CSRF extension

FriendsOfSymfony / FOSRestBundle

This Bundle provides various tools to rapidly develop RESTful API's with Symfony

http://symfony.com/doc/master/bundles/FOSRestBundle/index.html

MIT License

2.79k stars 707 forks source link

Disable CSRF extension overwritten by Symfony's own CSRF extension #2349

Closed Bilge closed 2 years ago

Bilge commented 2 years ago

This bundle's DisableCSRFExtension is loaded before Symfony 4's own FormTypeCsrfExtension, causing incorrect behaviour after upgrading Symfony 3 -> 4. Both these extensions behave correctly but DisableCSRFExtension must be loaded last.

Is there a known way to fix this?

Bilge commented 2 years ago

Solution is to change bundle load order.