I'm constructing an example in Symfony 3.4 that showcases how not to generate CSRF tokens (for educational purposes). I've made a custom CsrfTokenGenerator
that implements the TokenGeneratorInterface
, but now I would like to configure the CsrfTokenManager
that's built-in in Symfony to use this generator for generating CSRF-tokens instead of the default one. How can I configure this in the Symfony yml-files? Or is there any other way to achieve this?
The CsrfTokenManager
constructor has the following signature public function __construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null, $namespace = null)
and can thus take a custom TokenGeneratorInterface
as a parameter, but how can I set this parameter, as we don't have direct access to this controller.
Uhh, this is a good one. There's no simple way of doing it. By simple way I mean overriding a config parameter.
In situations like these you make use of Compiler Passes . Here is the way to go about it:
TokenGeneratorInterface
as a service. CustomCsrfTokenGeneratorPass
. There are different ways of registering it depending if you are in a bundle or in your app. $container->findDefinition()
method to find the registered definition of the CsrfTokenManager
. $definition->setArgument()
on it. Replace the argument of your choice with a reference. `new Reference('your-custom-crsf-token-generator-service-id'). Make sure to take a look to the compiler pass docs for more info.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.