diff --git a/src/Sylius/Bundle/CoreBundle/Resources/config/services/templating.xml b/src/Sylius/Bundle/CoreBundle/Resources/config/services/templating.xml index 5ab7c207e0..5147a9d128 100644 --- a/src/Sylius/Bundle/CoreBundle/Resources/config/services/templating.xml +++ b/src/Sylius/Bundle/CoreBundle/Resources/config/services/templating.xml @@ -50,7 +50,10 @@ - + %sylius_admin.security.csrf_parameter% + %sylius_admin.security.csrf_token_id% + %sylius_shop.security.csrf_parameter% + %sylius_shop.security.csrf_token_id% diff --git a/src/Sylius/Bundle/CoreBundle/Twig/SecurityCsrfExtension.php b/src/Sylius/Bundle/CoreBundle/Twig/SecurityCsrfExtension.php index c13a7f5027..cd90645377 100644 --- a/src/Sylius/Bundle/CoreBundle/Twig/SecurityCsrfExtension.php +++ b/src/Sylius/Bundle/CoreBundle/Twig/SecurityCsrfExtension.php @@ -13,14 +13,16 @@ declare(strict_types=1); namespace Sylius\Bundle\CoreBundle\Twig; -use Symfony\Component\DependencyInjection\ContainerInterface; use Twig\Extension\AbstractExtension; use Twig\TwigFunction; final class SecurityCsrfExtension extends AbstractExtension { public function __construct( - private readonly ContainerInterface $container, + private readonly string $adminCsrfParameter, + private readonly string $adminCsrfTokenId, + private readonly string $shopCsrfParameter, + private readonly string $shopCsrfTokenId, ) { } @@ -34,11 +36,19 @@ final class SecurityCsrfExtension extends AbstractExtension public function getCsrfParameter(string $section): string { - return (string) $this->container->getParameter(sprintf('sylius_%s.security.csrf_parameter', $section)); + return match ($section) { + 'admin' => $this->adminCsrfParameter, + 'shop' => $this->shopCsrfParameter, + default => throw new \InvalidArgumentException(sprintf('Unknown section "%s". Expected "admin" or "shop".', $section)), + }; } public function getCsrfTokenId(string $section): string { - return (string) $this->container->getParameter(sprintf('sylius_%s.security.csrf_token_id', $section)); + return match ($section) { + 'admin' => $this->adminCsrfTokenId, + 'shop' => $this->shopCsrfTokenId, + default => throw new \InvalidArgumentException(sprintf('Unknown section "%s". Expected "admin" or "shop".', $section)), + }; } }