2026-06-14 20:49:31 +02:00
|
|
|
# see https://symfony.com/doc/current/reference/configuration/framework.html
|
|
|
|
|
framework:
|
|
|
|
|
secret: '%env(APP_SECRET)%'
|
|
|
|
|
|
|
|
|
|
# Note that the session will be started ONLY if you read or write from it.
|
2026-06-18 01:37:59 +02:00
|
|
|
session:
|
|
|
|
|
# Same-origin SPA cookie session: not readable by JS, sent on same-site
|
|
|
|
|
# navigations. cookie_secure: auto → Secure flag only over HTTPS (prod),
|
|
|
|
|
# so local HTTP dev still works.
|
|
|
|
|
cookie_httponly: true
|
|
|
|
|
cookie_samesite: lax
|
|
|
|
|
cookie_secure: auto
|
2026-06-14 20:49:31 +02:00
|
|
|
|
|
|
|
|
#esi: true
|
|
|
|
|
#fragments: true
|
|
|
|
|
|
|
|
|
|
when@test:
|
|
|
|
|
framework:
|
|
|
|
|
test: true
|
|
|
|
|
session:
|
|
|
|
|
storage_factory_id: session.storage.factory.mock_file
|