Scroll down to the script below, click on any sentence (including terminal blocks!) to jump to that spot in the video!
With a Subscription, click any sentence in the script to jump to that part of the video!Login Subscribe
Let's finish this! Back on
debug:config, search for
default_locale. Apparently, it's already set to
en. Cool! Let's remove that from
config.yml. You can move it if you want: the
translator did add a
locale parameter. I'll delete it.
Close a few files: I want to keep comparing
config.yml, we have
csrf_protection activated. Ok, so uncomment it in
framework.yaml. Then, remove it from
config.yml. Let's also remove
serializer: I wasn't using it before. If you are, run
composer require serializer to activate it. No config is needed.
|... lines 2 - 3|
|... lines 5 - 16|
Ok, let's see if we broke anything! Run:
Woh! We're busted!
CSRF support cannot be enabled as the Security CSRF component is not installed.
csrf_protection activates a component that we don't have installed! No problem! Go back to
symfony.sh and search for "csrf". There it is! Run:
composer require security-csrf
By the way, once this is installed, the
csrf_protection key in
framework.yaml should not be needed... well, starting in Symfony 4.0.2... there was a small bug. Since I'm using 4.0.1, I'll keep it.
Let's go check on Composer. It downloads the package and... explodes!
CSRF protection needs sessions to be enabled
Ah, sessions. They are off by default. Uncomment this config to activate them. Sessions are a bit weird, because, unlike
csrf_protection, you can't activate them simply by requiring a package. You need to manually change this config. It's no big deal, but it's the one part of
framework config that isn't super smooth.
|... lines 2 - 7|
|# With this config, PHP's native session handling is used|
|... lines 11 - 16|
Oh, and notice that this config is a bit different than before. In Symfony 3, we stored sessions in
var/sessions. And you can still totally do this. But the new default tells PHP to store it on the filesystem wherever it wants. It's just one less thing to worry about: PHP will handle all the file permissions.
Just remember: when you change your session storage location, your users will lose their current session data when you first deploy!
Remove the old session configuration. Let's see if the app works!
We're getting close! Next is
templating. This component still exists, but isn't recommended anymore. Instead, you should use
twig directly. So, delete it.
If your app references the
templating service, you'll need to change that to
But our app does use Twig. So find your terminal. Oh, let's commit first: I want to see what the Twig recipe does. Create a calm and sophisticated commit message. Now run:
composer require twig
Yay aliases! This added TwigBundle, and Flex installed its Recipe. Run:
Ah, this made some cool changes! First, in
config/bundles.php, it automatically enabled the bundle. Flex does this for every bundle. I love that!
It also added a
config/packages/twig.yaml file. Where do templates live in a Flex app? You can see it right here! In
templates/ at the root of our project. And hey! It even created that directory for us with
The config in
twig.yaml is almost the same as our old app. Copy the extra
number_format keys, delete the old config, and paste them at the bottom of
Oh, and the recipe gave us something else for free! Any routes in
config/routes/dev are automatically loaded, but only in the
dev environment. The recipe added a
twig.yaml file there with a route import. This helps you debug and design your error pages. All of this stuff is handled automatically.
Now that we know that template files should live in
templates/, let's move them there! Open
app/Resources/views. Copy all of the files and paste them. And yes, we do want to override the default
Perfect! Now, celebrate: completely remove
app/Resources/views. Actually, woh! We can delete all of
app/ directory is getting really small!
We're now down to the final parts of
framework. So what about
http_method_override? Remove all of those. And in
|... lines 2 - 12|
|... lines 14 - 16|
If you run:
bin/console debug:config framework
you'll see that the other keys already default to the old values. Yep,
http_method_override is still
trusted_hosts is already empty.
This leaves us with one last key:
assets. And guess what? This enables a component. And right now, in
debug:config, you can see that
composer require asset
It installs the component, but this time, there is no recipe. But run
./bin/console debug:config framework
Search for "asset". Ha, yes! It enabled itself.
Ok: delete the
framework key. This is huge! I know I know, it feels like we still have a lot of work to do. But that's not true! With
framework out of the way, we are in the home stretch!