security-csrf | Symfony Security Component - CSRF Library | Hacking library

I have had this error when using symfony server:start with docker inside a php-alpine container. Each time i run migrations or doctrine:schema:update in a fresh installed instance, my symfony local web-server would throw error: issue with server callback error="unable to fetch the response from the backend: malformed MIME header: missing colon: "FROM information_schema.schemata I solved it by dropping the alpine container and building everything from the FROM ubuntu:20.04 image: i had to install php, drivers and all dependencies too. This did not go well with my production env because the image was above 1GB, meaning it had binaries i did not need in production. From experience the symfony local web-server needs a python environment but am not sure on that.

After some days, i stumbled on this git repository: https://github.com/dunglas/symfony-docker. which is recommended from Symfony docs here: Using Docker with Symfony. It uses caddy as the web-server. I learnt from it, tweaked to suit my needs and from then never used symfony local web-server. Its a good project, kudos to Kévin Dunglas and maintainers. The php image is about 200MB. Caddy too is about 40MB. Great for both prod and dev environments.

Please peruse the repo and adopt what you can or everything.

Disclaimer: This is not an answer to your problem/error, but an easy alternative.

Considering your output:

Restricting packages listed in "symfony/symfony" to "5.0.*"

You currently have something like this in your composer.json:

When switching between environments I sometimes have to delete the cache folders manually.

When this happens, I usually do:

Ocramius is well known for his harsh stance in maintaining backward compatibility.

On this case, release 2.9.0 says:

This release upgrades ocramius/proxy-manager to use composer-runtime-api:^2: this means that you will need composer:^2 to install this version of ProxyManager.

In order to upgrade to composer v2, you can run composer self-update --2 on your development or CI/CD system.

So your options are:

• either upgrade composer to version 2 (composer self-update --2), which is really the recommended way to go unless you have some specific composer plugin that you really need and hasn't been updated to account for the new release.

• Find which package you are installing is the one that requires the proxy-manager (composer why ocramius/proxy-manager), and see if you can adjust your version constraints on that package so that it depends on an older (< 2.9) version of ocramius/proxy-manager. (I mention this option only for completeness sake, but upgrading composer is really the way to go).

This is a bit of a guess but the 4.2 linked repo has:

I tried in a directory that does not contain Japanese.

Oh my goodness! The problem was garbled!

If you want to use CSRF with a http only false cookie, why not use Spring Security's built in CookieCsrfTokenRepository? Should simplify your config that way. CustomCsrfFilter seems to be adding a XSRF-TOKEN cookie to the HttpServletResponse, which CookieCsrfTokenRepository does for you.

The default CSRF cookie name when using CookieCsrfTokenRepository is X-CSRF-TOKEN, which is conveniently the default name Angular's HttpClientXsrfModule uses. Of course you can customize that if you need.

So your security config becomes: