srcf

config/packages/framework.yaml

@@ -1,10 +1,14 @@
 # see https://symfony.com/doc/current/reference/configuration/framework.html
 framework:
     secret: '%env(APP_SECRET)%'
-    #csrf_protection: true
+    csrf_protection: true
 
     # Note that the session will be started ONLY if you read or write from it.
-    session: true
+    session:
+        enabled: true
+        handler_id: null
+        cookie_secure: auto
+
 
     #esi: true
     #fragments: true

config/packages/security.yaml

@@ -23,6 +23,8 @@ security:
         login_path: app_login
         check_path: app_login
         enable_csrf: true
+        csrf_token_id: authenticate
+        csrf_parameter: _csrf_token
         default_target_path: /
       logout:
         path: app_logout