symfony · javiereguiluz · Nov 4, 2025 · Nov 4, 2025 · Nov 4, 2025 · Nov 4, 2025
diff --git a/.env b/.env
@@ -17,6 +17,7 @@
 ###> symfony/framework-bundle ###
 APP_ENV=dev
 APP_SECRET=
+APP_SHARE_DIR=$APP_PROJECT_DIR/var/share
 ###< symfony/framework-bundle ###
 
 ###> doctrine/doctrine-bundle ###
@@ -32,3 +33,9 @@ DATABASE_URL="sqlite:///%kernel.project_dir%/data/database.sqlite"
 ###> symfony/mailer ###
 MAILER_DSN=null://null
 ###< symfony/mailer ###
+
+###> symfony/routing ###
+# Configure how to generate URLs in non-HTTP contexts, such as CLI commands.
+# See https://symfony.com/doc/current/routing.html#generating-urls-in-commands
+DEFAULT_URI=http://localhost
+###< symfony/routing ###
diff --git a/.env.local.demo b/.env.local.demo
diff --git a/assets/app.js b/assets/app.js
@@ -1,5 +1,5 @@
 // start the Stimulus application
-import './bootstrap.js';
+import './stimulus_bootstrap.js';
 import './styles/app.scss';
 import 'highlight.js/styles/github-dark-dimmed.css';
 import 'lato-font/css/lato-font.css';

diff --git a/assets/controllers/csrf_protection_controller.js b/assets/controllers/csrf_protection_controller.js
@@ -2,6 +2,8 @@ const nameCheck = /^[-_a-zA-Z0-9]{4,22}$/;
 const tokenCheck = /^[-_/+a-zA-Z0-9]{24,}$/;
 
 // Generate and double-submit a CSRF token in a form field and a cookie, as defined by Symfony's SameOriginCsrfTokenManager
+// Use `form.requestSubmit()` to ensure that the submit event is triggered. Using `form.submit()` will not trigger the event
+// and thus this event-listener will not be executed.
 document.addEventListener('submit', function (event) {
     generateCsrfToken(event.target);
 }, true);
@@ -33,8 +35,8 @@ export function generateCsrfToken (formElement) {
     if (!csrfCookie && nameCheck.test(csrfToken)) {
         csrfField.setAttribute('data-csrf-protection-cookie-value', csrfCookie = csrfToken);
         csrfField.defaultValue = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto || window.msCrypto).getRandomValues(new Uint8Array(18))));
-        csrfField.dispatchEvent(new Event('change', { bubbles: true }));
     }
+    csrfField.dispatchEvent(new Event('change', { bubbles: true }));
 
     if (csrfCookie && tokenCheck.test(csrfToken)) {
         const cookie = csrfCookie + '_' + csrfToken + '=' + csrfCookie + '; path=/; samesite=strict';

diff --git a/assets/bootstrap.js → assets/stimulus_bootstrap.js b/assets/bootstrap.js → assets/stimulus_bootstrap.js
@@ -1,5 +1,6 @@
 import { startStimulusApp } from '@symfony/stimulus-bundle';
 
 const app = startStimulusApp();
+
 // register any custom, 3rd party controllers here
 // app.register('some_controller_name', SomeImportedController);
diff --git a/composer.json b/composer.json
@@ -3,8 +3,8 @@
     "license": "MIT",
     "type": "project",
     "description": "Symfony Demo Application",
-    "minimum-stability": "stable",
-    "prefer-stable": true,
+    "minimum-stability": "dev",
+    "prefer-stable": false,
     "require": {
         "php": ">=8.2",
         "ext-ctype": "*",
@@ -111,7 +111,7 @@
     "extra": {
         "symfony": {
             "allow-contrib": true,
-            "require": "7.3.*"
+            "require": "7.4.*"
         }
     }
 }