CSRF is invalid with Stateless CSRF

### Symfony version(s) affected

7.2.0

### Description

Hi, 

After upgrading from Symfony 7.1.6 to 7.2.0 and updating the associated recipes, I encountered a bug when submitting forms: "CSRF token is invalid".

**Key Details:**
- Environment: The issue only occurs in the prod environment;
- CSRF Token Issue: The HTML generated for the CSRF token has a value attribute that is undefined:
```html
<input type=“hidden” id=“meeting__token” name=“meeting[_token]” data-controller=“csrf-protection” autocomplete=“off” value=“csrf-token”>
```

Also, I created a fresh Symfony webapp with a simple CRUD setup. The same issue occurred.

### How to reproduce

https://github.com/smbpunt/bug-sf-59065

It's a simple new “webapp” with an entity and an associated crud (all generated via maker-bundle).

- Clone
- Install
- Run server
- Go to `/new`
- Submit a form



### Possible Solution

The only working solution/workaround was to comment out the `stateless` configuration in `csrf.yaml` :

```yaml
# Enable stateless CSRF protection for forms and logins/logouts
framework:
  form:
    csrf_protection:
      token_id: submit

#    csrf_protection:
#        stateless_token_ids:
#            - submit
#            - authenticate
#            - logout
```

### Additional Context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

CSRF is invalid with Stateless CSRF #59065

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

CSRF is invalid with Stateless CSRF #59065

Description

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions