The good news is that this is a known issue:
https://github.com/symfony/symfony/issues/1051
https://github.com/symfony/symfony/issues/1115
The bad news is it isn't fixed yet. What I've done as a temporary solution
is I manually render all of my hidden fields and just avoid using
form_rest() entirely. It isn't as convenient, but it works. If you need to
render the _token field for CSRF protection, you can do that pretty easily:
{{ form_widget(form._token) }}
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
