Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security CSRF config broke the "symfony/skeleton" v7.2 #1358

Closed
rosier opened this issue Nov 19, 2024 · 0 comments · Fixed by symfony/symfony#58937
Closed

Security CSRF config broke the "symfony/skeleton" v7.2 #1358

rosier opened this issue Nov 19, 2024 · 0 comments · Fixed by symfony/symfony#58937

Comments

@rosier
Copy link
Contributor

rosier commented Nov 19, 2024
edited
Loading

I think #1337 introduced config that is not working with the "symfony/skeleton" project.

Running symfony new --version=next --webapp /tmp/next exits with an error.

Output:

* Creating a new Symfony 7.2.x@dev project with Composer
Creating a "symfony/skeleton" project at "/tmp/next"
Installing symfony/skeleton (7.2.x-dev 6eed3c0c766424fc7a91136f43d0de407e3942fb)
  - Installing symfony/skeleton (7.2.x-dev 6eed3c0): Extracting archive
Created project in /tmp/next
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 0 updates, 0 removals
  - Locking symfony/flex (v2.4.7)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
  - Installing symfony/flex (v2.4.7): Extracting archive
Generating autoload files
1 package you are using is looking for funding.
Use the `composer fund` command to find out more!

Run composer recipes at any time to see the status of your Symfony recipes.

Loading composer repositories with package information
Restricting packages listed in "symfony/symfony" to "7.2.*"
Updating dependencies
Lock file operations: 30 installs, 0 updates, 0 removals
  - Locking psr/cache (3.0.0)
  - Locking psr/container (2.0.2)
  - Locking psr/event-dispatcher (1.0.0)
  - Locking psr/log (3.0.2)
  - Locking symfony/cache (v7.2.0-RC1)
  - Locking symfony/cache-contracts (v3.5.0)
  - Locking symfony/config (v7.2.0-RC1)
  - Locking symfony/console (v7.2.0-RC1)
  - Locking symfony/dependency-injection (v7.2.0-RC1)
  - Locking symfony/deprecation-contracts (v3.5.0)
  - Locking symfony/dotenv (v7.2.0-RC1)
  - Locking symfony/error-handler (v7.2.0-RC1)
  - Locking symfony/event-dispatcher (v7.2.0-RC1)
  - Locking symfony/event-dispatcher-contracts (v3.5.0)
  - Locking symfony/filesystem (v7.2.0-RC1)
  - Locking symfony/finder (v7.2.0-RC1)
  - Locking symfony/framework-bundle (v7.2.0-RC1)
  - Locking symfony/http-foundation (v7.2.0-RC1)
  - Locking symfony/http-kernel (v7.2.0-RC1)
  - Locking symfony/polyfill-intl-grapheme (v1.31.0)
  - Locking symfony/polyfill-intl-normalizer (v1.31.0)
  - Locking symfony/polyfill-mbstring (v1.31.0)
  - Locking symfony/polyfill-php83 (v1.31.0)
  - Locking symfony/routing (v7.2.0-RC1)
  - Locking symfony/runtime (v7.2.0-RC1)
  - Locking symfony/service-contracts (v3.5.0)
  - Locking symfony/string (v7.2.0-RC1)
  - Locking symfony/var-dumper (v7.2.0-RC1)
  - Locking symfony/var-exporter (v7.2.0-RC1)
  - Locking symfony/yaml (v7.2.0-RC1)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 30 installs, 0 updates, 0 removals
  - Installing symfony/runtime (v7.2.0-RC1): Extracting archive
  - Installing psr/cache (3.0.0): Extracting archive
  - Installing symfony/cache-contracts (v3.5.0): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.31.0): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.31.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.31.0): Extracting archive
  - Installing symfony/string (v7.2.0-RC1): Extracting archive
  - Installing symfony/deprecation-contracts (v3.5.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.5.0): Extracting archive
  - Installing symfony/console (v7.2.0-RC1): Extracting archive
  - Installing symfony/dotenv (v7.2.0-RC1): Extracting archive
  - Installing psr/event-dispatcher (1.0.0): Extracting archive
  - Installing symfony/event-dispatcher-contracts (v3.5.0): Extracting archive
  - Installing symfony/routing (v7.2.0-RC1): Extracting archive
  - Installing symfony/polyfill-php83 (v1.31.0): Extracting archive
  - Installing symfony/http-foundation (v7.2.0-RC1): Extracting archive
  - Installing symfony/event-dispatcher (v7.2.0-RC1): Extracting archive
  - Installing symfony/var-dumper (v7.2.0-RC1): Extracting archive
  - Installing psr/log (3.0.2): Extracting archive
  - Installing symfony/error-handler (v7.2.0-RC1): Extracting archive
  - Installing symfony/http-kernel (v7.2.0-RC1): Extracting archive
  - Installing symfony/finder (v7.2.0-RC1): Extracting archive
  - Installing symfony/filesystem (v7.2.0-RC1): Extracting archive
  - Installing symfony/var-exporter (v7.2.0-RC1): Extracting archive
  - Installing symfony/dependency-injection (v7.2.0-RC1): Extracting archive
  - Installing symfony/config (v7.2.0-RC1): Extracting archive
  - Installing symfony/cache (v7.2.0-RC1): Extracting archive
  - Installing symfony/framework-bundle (v7.2.0-RC1): Extracting archive
  - Installing symfony/yaml (v7.2.0-RC1): Extracting archive
Generating autoload files
27 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

Symfony operations: 4 recipes (f4e8b94c1288de8cc019ee5b179f5d03)
  - Configuring symfony/flex (>=1.0): From github.com/symfony/recipes:main
  - Configuring symfony/framework-bundle (>=7.2): From github.com/symfony/recipes:main
  - Configuring symfony/console (>=5.3): From github.com/symfony/recipes:main
  - Configuring symfony/routing (>=7.0): From github.com/symfony/recipes:main
Executing script cache:clear [KO]
 [KO]
Script cache:clear returned with error code 1
!!
!!  In FrameworkExtension.php line 1820:
!!
!!    CSRF support cannot be enabled as the Security CSRF component is not instal
!!    led. Try running "composer require symfony/security-csrf".
!!
!!
!!
Script @auto-scripts was called via post-update-cmd

  unable to run /usr/local/bin/composer create-project symfony/skeleton /tmp/next 7.2.x@dev --no-interaction
@nicolas-grekas nicolas-grekas mentioned this issue Nov 20, 2024
Merged
nicolas-grekas added a commit to symfony/symfony that referenced this issue Nov 20, 2024
@nicolas-grekas
bug #58937 [FrameworkBundle] Don't auto-register form/csrf when the c…
552f774 
…orresponding components are not installed (nicolas-grekas)

This PR was merged into the 7.2 branch.

Discussion
----------

[FrameworkBundle] Don't auto-register form/csrf when the corresponding components are not installed

| Q             | A
| ------------- | ---
| Branch?       | 7.2
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | Fix symfony/recipes#1358
| License       | MIT

Commits
-------

596487b [FrameworkBundle] Don't auto-register form/csrf when the corresponding components are not installed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@rosier @nicolas-grekas