Let's finish this! Back on
debug:config, search for
it's already set to
en. Cool! Let's remove that from
config.yml. You can
move it if you want: the
translator did add a
locale parameter. I'll delete
Close a few files: I want to keep comparing
config.yml, we have
csrf_protection activated. Ok, so uncomment it in
Then, remove it from
config.yml. Let's also remove
serializer: I wasn't using
it before. If you are, run
composer require serializer to activate it. No config
|... lines 2 - 3|
|... lines 5 - 16|
Ok, let's see if we broke anything! Run:
Woh! We're busted!
CSRF support cannot be enabled as the Security CSRF component is not installed.
csrf_protection activates a component that
we don't have installed! No problem! Go back to
symfony.sh and search for "csrf".
There it is! Run:
composer require security-csrf
By the way, once this is installed, the
csrf_protection key in
should not be needed... well, starting in Symfony 4.0.2... there was a small bug.
Since I'm using 4.0.1, I'll keep it.
Let's go check on Composer. It downloads the package and... explodes!
CSRF protection needs sessions to be enabled
Ah, sessions. They are off by default. Uncomment this config to activate them.
Sessions are a bit weird, because, unlike
can't activate them simply by requiring a package. You need to manually change
this config. It's no big deal, but it's the one part of
framework config that
isn't super smooth.
|... lines 2 - 7|
|# With this config, PHP's native session handling is used|
|... lines 11 - 16|
Oh, and notice that this config is a bit different than before. In Symfony 3,
we stored sessions in
var/sessions. And you can still totally do this. But
the new default tells PHP to store it on the filesystem wherever it wants. It's
just one less thing to worry about: PHP will handle all the file permissions.
Just remember: when you change your session storage location, your users will lose their current session data when you first deploy!
Remove the old session configuration. Let's see if the app works!
We're getting close! Next is
templating. This component still exists, but isn't
recommended anymore. Instead, you should use
twig directly. So, delete it.
If your app references the
templating service, you'll need to change that to
But our app does use Twig. So find your terminal. Oh, let's commit first: I want to see what the Twig recipe does. Create a calm and sophisticated commit message. Now run:
composer require twig
Yay aliases! This added TwigBundle, and Flex installed its Recipe. Run:
Ah, this made some cool changes! First, in
config/bundles.php, it automatically
enabled the bundle. Flex does this for every bundle. I love that!
It also added a
config/packages/twig.yaml file. Where do templates live in a Flex
app? You can see it right here! In
templates/ at the root of our project. And
hey! It even created that directory for us with
The config in
twig.yaml is almost the same as our old app. Copy the extra
number_format keys, delete the old config, and paste them at
the bottom of
Oh, and the recipe gave us something else for free! Any routes in
are automatically loaded, but only in the
dev environment. The recipe added a
twig.yaml file there with a route import. This helps you debug and design your
error pages. All of this stuff is handled automatically.
Now that we know that template files should live in
templates/, let's move them
app/Resources/views. Copy all of the files and paste them. And yes,
we do want to override the default
Perfect! Now, celebrate: completely remove
app/Resources/views. Actually, woh!
We can delete all of
app/ directory is getting really small!
We're now down to the final parts of
framework. So what about
http_method_override? Remove all of those. And in
|... lines 2 - 12|
|... lines 14 - 16|
If you run:
bin/console debug:config framework
you'll see that the other keys already default to the old values. Yep,
trusted_hosts is already empty.
This leaves us with one last key:
assets. And guess what? This enables a component.
And right now, in
debug:config, you can see that
composer require asset
It installs the component, but this time, there is no recipe. But run
./bin/console debug:config framework
Search for "asset". Ha, yes! It enabled itself.
Ok: delete the
framework key. This is huge! I know I know, it feels like we
still have a lot of work to do. But that's not true! With
framework out of the way,
we are in the home stretch!