EZP-25482: Fix exception with CSRF protection disabled

ezsystems · Feb 17, 2016 · 9a2db3d · 9a2db3d
1 parent d4409aa
commit 9a2db3d
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/ApplicationConfig/Providers/SessionInfo.php b/ApplicationConfig/Providers/SessionInfo.php
@@ -29,7 +29,7 @@ class SessionInfo implements Provider
 
     public function __construct(
         SessionInterface $session,
-        CsrfTokenManagerInterface $csrfTokenManager,
+        CsrfTokenManagerInterface $csrfTokenManager = null,
         $csrfTokenIntention,
         RouterInterface $router
     ) {
@@ -46,11 +46,14 @@ public function getConfig()
             $sessionInfo['isStarted'] = true;
             $sessionInfo['name'] = $this->session->getName();
             $sessionInfo['identifier'] = $this->session->getId();
-            $sessionInfo['csrfToken'] = $this->csrfTokenManager->getToken($this->csrfTokenIntention)->getValue();
             $sessionInfo['href'] = $this->generateUrl(
                 'ezpublish_rest_deleteSession',
                 ['sessionId' => $this->session->getId()]
             );
+
+            if ($this->csrfTokenManager instanceof CsrfTokenManagerInterface) {
+                $sessionInfo['csrfToken'] = $this->csrfTokenManager->getToken($this->csrfTokenIntention)->getValue();
+            }
         }
 
         return $sessionInfo;

diff --git a/Resources/config/services.yml b/Resources/config/services.yml
@@ -60,7 +60,7 @@ services:
         class: %ezsystems.platformui.application_config.provider.session_info.class%
         arguments:
             - @session
-            - @security.csrf.token_manager
+            - @?security.csrf.token_manager
             - %ezpublish_rest.csrf_token_intention%
             - @router
         tags: