From 79df644dbaf0b2cc3ed78a3cd320cce59d42bfa0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marin=20B=C3=AEnzari?= <spartakusmd@gmail.com>
Date: Fri, 27 Sep 2024 14:58:10 +0300
Subject: [PATCH] doc: add notes about CSRF and Form requirements (#98)

---
 README.md     | 7 +++++++
 composer.json | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index b6ecab1..dea692a 100644
--- a/README.md
+++ b/README.md
@@ -201,6 +201,13 @@ bin/console messenger:monitor:schedule:purge --remove-orphans
 
 ## User Interface
 
+> [!NOTE]
+> `symfony/form` (`composer require symfony/form`) is required for the UI.
+
+> [!NOTE]
+> If using `symfony/scheduler` and the UI, `symfony/security-csrf` (`composer require symfony/security-csrf`) is required.
+> CSRF protection and sessions must also be enabled in your `config/packages/framework.yaml`.
+
 > [!NOTE]
 > [Storage](#storage) must be configured for this feature.
 
diff --git a/composer.json b/composer.json
index a7035e8..2813288 100644
--- a/composer.json
+++ b/composer.json
@@ -41,7 +41,9 @@
     "suggest": {
         "knplabs/knp-time-bundle": "For human readable timestamps and durations on your dashboard.",
         "lorisleiva/cron-translator": "For human readable cron expressions on your dashboard.",
-        "symfony/ux-live-component": "For Live Components"
+        "symfony/ux-live-component": "For Live Components",
+        "symfony/form": "For the UI",
+        "symfony/security-csrf": "For CSRF token used in UI Ajax calls"
     },
     "config": {
         "preferred-install": "dist",