[Bug]: CSRF token is always in a schema

nelmio / NelmioApiDocBundle

Generates documentation for your REST API from annotations

MIT License

2.23k stars 833 forks source link

[Bug]: CSRF token is always in a schema #2293

Closed Hricer closed 2 months ago

Hricer commented 3 months ago

Version

4.26.2

Description

After updating the library, the csrf token is always in the schema even though the form has option 'csrf_protection' => false.

Only global disable csrf_protection in framework config works.

Additional context

No response

Hricer commented 2 months ago

@stollr I will be happy if you check this behavior.

stollr commented 2 months ago

@Hricer Where do you set the option 'csrf_protection' => false?

Hricer commented 2 months ago

@stollr during form creation

$form = $this->createForm(MyApiForm::class, $task, [
    'csrf_protection' => false,
]);

framework.yaml

framework:
  csrf_protection: true

Hricer commented 2 months ago

I got it. Of course I have to set 'csrf_protection' => false in setDefaults.

class MyApiForm extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options): void
    {
        ...
    }

    public function configureOptions(OptionsResolver $resolver): void
    {
        $resolver->setDefaults([
            'csrf_protection' => false,
        ]);
    }
}

@stollr Thanks :)