From 0ca406f6358826e3f94a5da201f01e68ee2ce424 Mon Sep 17 00:00:00 2001
From: Ryan Prather <ryan@rkprather.com>
Date: Tue, 17 Dec 2024 11:49:22 -0500
Subject: [PATCH] Fix CSRF not showing the token

---
 config/packages/csrf.yaml      | 11 +++++++++++
 config/packages/framework.yaml | 20 ++++++++++----------
 2 files changed, 21 insertions(+), 10 deletions(-)
 create mode 100644 config/packages/csrf.yaml

diff --git a/config/packages/csrf.yaml b/config/packages/csrf.yaml
new file mode 100644
index 0000000..40d4040
--- /dev/null
+++ b/config/packages/csrf.yaml
@@ -0,0 +1,11 @@
+# Enable stateless CSRF protection for forms and logins/logouts
+framework:
+    form:
+        csrf_protection:
+            token_id: submit
+
+    csrf_protection:
+        stateless_token_ids:
+            - submit
+            - authenticate
+            - logout
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index 877eb25..de10908 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -1,16 +1,16 @@
 # see https://symfony.com/doc/current/reference/configuration/framework.html
 framework:
-    secret: '%env(APP_SECRET)%'
-    #csrf_protection: true
+  secret: "%env(APP_SECRET)%"
+  csrf_protection: true
 
-    # Note that the session will be started ONLY if you read or write from it.
-    session: true
+  # Note that the session will be started ONLY if you read or write from it.
+  session: true
 
-    #esi: true
-    #fragments: true
+  #esi: true
+  #fragments: true
 
 when@test:
-    framework:
-        test: true
-        session:
-            storage_factory_id: session.storage.factory.mock_file
+  framework:
+    test: true
+    session:
+      storage_factory_id: session.storage.factory.mock_file