Missing Cross-Site Request Forgery (CSRF) configuration

Description

Disabling Cross-Site Request Forgery (CSRF) protection allows attackers to trick clients into making unintentional requests to your application.

Remediations

❌ Don't disable CRSF protection

Resources

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_symfony_csrf_protection_disabled

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_symfony_csrf_protection_disabled