considering users who disable CSRF protection for Symfony

gondo · web-flow · commit 4e9c8219656f · 2016-10-11T10:26:52.000+01:00
User can disable CSRF protection globally in the framework via `framework.csrf_protection.enabled: false`
diff --git a/Controller/SecurityController.php b/Controller/SecurityController.php
@@ -54,7 +54,9 @@ public function loginAction(Request $request)
         // last username entered by the user
         $lastUsername = (null === $session) ? '' : $session->get($lastUsernameKey);
 
-        $csrfToken = $this->get('security.csrf.token_manager')->getToken('authenticate')->getValue();
+        $csrfToken = $this->has('security.csrf.token_manager')
+            ? $this->get('security.csrf.token_manager')->getToken('authenticate')->getValue()
+            : null;
 
         return $this->renderLogin(array(
             'last_username' => $lastUsername,
