I'm working on a eZ publish 5 project. This CMS is based on symfony 2. I have built a form without class as described in tge page : http://symfony.com/doc/current/book/forms.html#using-a-form-without-a-class
On the eZ publish 5 documentation (https://confluence.ez.no/display/EZP/Legacy+configuration+injection) I read that I need to set the CSRF intention parameter to 'legacy'. I can't figure how to do this. I tried to use the add method on my formBuilder :
$this->createFormBuilder()->add('_token', 'csrf', array('intention'=>'legacy');
But I get an error 'could not load type csrf'.
Can someone help me on this ?
Thanks.
Okay, I have given this a try.
My first answer is actually a question: If you don't intend to execute any legacy kernel code as a follow-up to your form, you don't need to care about the intention, I believe.
Intentions between the Symfony and legacy kernels only need to match if the Legacy Kernel is booted (in which case it will check if there is a token, and if it is valid).
If you need to use the Legacy Kernel, you can set the intention to legacy by passing custom form options:
$formOptions = array( 'intention' => 'legacy' );
$form = $this->createFormBuilder( null, $formOptions )
->add( 'text', 'text' )
->getForm();
Setting the default intention is explained in http://symfony.com/doc/current/book/forms.html#csrf-protection, but I wouldn't really advise this, unless you intend to only rely on the legacy kernel.