Closed
Description
Symfony version(s) affected
7.2.0
Description
Hi,
After upgrading from Symfony 7.1.6 to 7.2.0 and updating the associated recipes, I encountered a bug when submitting forms: "CSRF token is invalid".
Key Details:
- Environment: The issue only occurs in the prod environment;
- CSRF Token Issue: The HTML generated for the CSRF token has a value attribute that is undefined:
```html
<input type="hidden" id="meeting__token" name="meeting[_token]" data-controller="csrf-protection" autocomplete="off" value="csrf-token">
```
Also, I created a fresh Symfony webapp with a simple CRUD setup. The same issue occurred.
How to reproduce
https://github.com/smbpunt/bug-sf-59065
It's a simple new “webapp” with an entity and an associated CRUD (all generated via maker-bundle).
- Clone
- Install
- Run server
- Go to `/new`
- Submit a form
Possible Solution
The only working solution/workaround was to comment out the `stateless` configuration in `csrf.yaml`:

```yaml
# Enable stateless CSRF protection for forms and logins/logouts
framework:
    form:
        csrf_protection:
            token_id: submit

#    csrf_protection:
#        stateless_token_ids:
#            - submit
#            - authenticate
#            - logout
```
Additional Context
No response