-
-
Notifications
You must be signed in to change notification settings - Fork 9.7k
Closed
Labels
RFCRFC = Request For Comments (proposals about features that you want to be discussed)RFC = Request For Comments (proposals about features that you want to be discussed)SecurityStalled
Milestone
Description
symfony/security-csrf
is installable as a stand-alone package. However, it requires security-core
:
symfony/src/Symfony/Component/Security/Csrf/composer.json
Lines 18 to 21 in 27aceb6
"require": { | |
"php": ">=7.2.5", | |
"symfony/security-core": "^4.4|^5.0|^6.0" | |
}, |
I use CSRF in some forms not related to Security, so I want CSRF but I don't want the entire Security package. Why is this important to me?
Because symfony/security-csrf
is a tiny 18-file and 0.06 MB on disk package, whereas symfony/security-core
is a big 258-file and 1.1 MB on disk package.
Moreover, although CSRF requires the entire Security package, it only uses two tiny exception classes from it:
Here:
use Symfony\Component\Security\Core\Exception\InvalidArgumentException; |
And here:
use Symfony\Component\Security\Core\Exception\RuntimeException; |
So maybe we can decouple these packages? Thanks!
kaznovac, kissifrot, sukei and jvasseur
Metadata
Metadata
Assignees
Labels
RFCRFC = Request For Comments (proposals about features that you want to be discussed)RFC = Request For Comments (proposals about features that you want to be discussed)SecurityStalled