-
Notifications
You must be signed in to change notification settings - Fork 6
/
csrf_protection.yaml
73 lines (73 loc) · 3.95 KB
/
csrf_protection.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
questions:
-
uuid: 1eebf878-8b97-6e1c-8db5-99d84c92580c
question: 'By default, what is the form field containing the CSRF token?'
answers:
- { value: _token, correct: true }
- { value: _csrf, correct: false }
- { value: ThisTokenIsNotSoSecretChangeIt, correct: false }
- { value: _secret, correct: false }
help: 'https://symfony.com/doc/current/security/csrf.html#csrf-protection-in-symfony-forms'
-
uuid: 1eebf878-8b98-6fba-ac9a-99d84c92580c
question: 'Is the Form component required to generate a csrf token in templates?'
answers:
- { value: 'Yes', correct: false }
- { value: 'No', correct: true }
help: 'https://symfony.com/doc/current/security/csrf.html#generating-and-checking-csrf-tokens-manually'
-
uuid: 1eebf878-8b9f-69be-9e3c-99d84c92580c
question: 'Using Form factory, how to define a CSRF provider?'
answers:
- { value: '$formFactory->addExtension(new CsrfExtension($csrfManager));', correct: true }
- { value: '$formFactory->setExtension(new CsrfExtension($csrfManager));', correct: false }
- { value: '$formFactory->addCsrfExtension(new CsrfExtension($csrfManager));', correct: false }
help: 'https://symfony.com/doc/current/components/form.html#csrf-protection'
-
uuid: 1eebf878-8b9f-6a0e-aed4-99d84c92580c
question: 'Using Form component, which option can you use into configureOptions() method to enable CSRF protection?'
answers:
- { value: '"csrf_protection" => true', correct: true }
- { value: '"csrf_field" => true', correct: false }
- { value: '"csrf" => "enabled"', correct: false }
- { value: '"csrf" => true', correct: false }
help: 'https://symfony.com/doc/current/security/csrf.html#csrf-protection-in-symfony-forms'
-
uuid: 1eebf878-8b9f-6a54-a024-99d84c92580c
question: 'Using Form component, option csrf_error_message can be used in configureOptions() to define a custom CSRF error message?'
answers:
- { value: 'Yes', correct: false }
- { value: 'No', correct: true }
help: 'https://symfony.com/doc/current/security/csrf.html#csrf-protection-in-symfony-forms'
-
uuid: 1eebf878-8ba2-6ac4-adf1-99d84c92580c
question: 'When using the form_login authentication provider, you just have to add a _csrf_token named input field to allow csrf validation to work'
answers:
- { value: 'True', correct: false }
- { value: 'False', correct: true }
help: 'https://symfony.com/doc/current/security.html#form-login'
-
uuid: 1eebf878-8ba5-680a-a545-99d84c92580c
question: 'how to override the field name of the the csrf token in a form ?'
answers:
- { value: 'by renaming the "name" value in the html input, before using crsf_token() in twig to generate it', correct: true }
- { value: 'by adding a CsrfTokenType and setting a "name" value in it''s option', correct: false }
- { value: "by overriding the 'csrf_field_name' in the function $resolver->setDefault in configureOptions of the targeted form.", correct: true }
- { value: 'by setting it in the config.yaml file framework.csrf_token.default_field', correct: false }
help: 'https://symfony.com/doc/current/security/csrf.html'
-
uuid: 1eebf878-8ba5-6878-8ebd-99d84c92580c
question: "Is csrf_protection set to false in configureOptions' method, a correct way to disable csrf in a form ?"
answers:
- { value: 'No', correct: false }
- { value: 'Yes', correct: true }
help: 'https://symfony.com/doc/current/security/csrf.html#csrf-protection-in-symfony-forms'
-
uuid: 1eedad53-9a0c-6cc2-8bbd-43a19afa5a59
question: 'What is the CSRF token ID used when adding CSRF protection to a login form in Symfony?'
answers:
- { value: login, correct: false }
- { value: authenticate, correct: true }
- { value: security, correct: false }
- { value: csrf_login, correct: false }
help: 'https://symfony.com/doc/current/security.html#csrf-protection-in-login-forms'