Merge branch '7.4' into 8.0

xabbuh · xabbuh · commit 51d2678e8d2e · 2025-09-01T15:25:29.000+02:00
* 7.4:
  [Security] add `methods` argument to #[IsGranted] to restrict access by HTTP method
  [Mailer] Document Mailtrap's sandbox compatibility
  Update advanced-config.rst
  Add documentation for extending `IsGranted` attribute
  framework.rst: fixed `cookie_samesite` default value
  Documenting changes in the debug:router output
  [DomCrawler] Remove useless note about useHtml5Parser argument
  [Routing] allow passing multiple environments to Route `env` argument
  clarify that "placeholder" is an input attribute to configure
diff --git a/components/dom_crawler.rst b/components/dom_crawler.rst
@@ -649,23 +649,8 @@ another given base URI::
     UriResolver::resolve('?a=b', 'http://localhost/bar#foo'); // http://localhost/bar?a=b
     UriResolver::resolve('../../', 'http://localhost/'); // http://localhost/
 
-Using a HTML5 Parser
-~~~~~~~~~~~~~~~~~~~~
-
-If you need the :class:`Symfony\\Component\\DomCrawler\\Crawler` to use an HTML5
-parser, set its ``useHtml5Parser`` constructor argument to ``true``::
-
-    use Symfony\Component\DomCrawler\Crawler;
-
-    $crawler = new Crawler(null, $uri, useHtml5Parser: true);
-
-By doing so, the crawler will use the HTML5 parser provided by the `masterminds/html5`_
-library to parse the documents.
-
 Learn more
 ----------
 
 * :doc:`/testing`
 * :doc:`/components/css_selector`
-
-.. _`masterminds/html5`: https://packagist.org/packages/masterminds/html5
diff --git a/frontend/encore/advanced-config.rst b/frontend/encore/advanced-config.rst
@@ -165,7 +165,7 @@ Use the following command to find the right service:
 
 .. code-block:: terminal
 
-    $ php bin/console console debug:container entrypoint_lookup
+    $ php bin/console debug:container entrypoint_lookup
 
     # You will see a result similar to this:
     Select one of the following services to display its information:
diff --git a/mailer.rst b/mailer.rst
@@ -219,7 +219,8 @@ party provider:
 +------------------------+-------------------------------------------------------------------------------------------+
 | `Mailtrap`_            | - SMTP ``mailtrap+smtp://PASSWORD@default``                                               |
 |                        | - HTTP n/a                                                                                |
-|                        | - API ``mailtrap+api://API_TOKEN@default``                                                |
+|                        | - API (Live) ``mailtrap+api://API_TOKEN@default``                                         |
+|                        | - API (Sandbox) ``mailtrap+sandbox://API_TOKEN@default/?inboxId=INBOX_ID``                |
 +------------------------+-------------------------------------------------------------------------------------------+
 | `Microsoft Graph`_     | - SMTP n/a                                                                                |
 |                        | - HTTP n/a                                                                                |
diff --git a/page_creation.rst b/page_creation.rst
@@ -125,11 +125,11 @@ You should see your ``app_lucky_number`` route in the list:
 
 .. code-block:: terminal
 
-    ----------------  -------  -------  -----  --------------
-    Name              Method   Scheme   Host   Path
-    ----------------  -------  -------  -----  --------------
-    app_lucky_number  ANY      ANY      ANY    /lucky/number
-    ----------------  -------  -------  -----  --------------
+    ----------------  -------  --------------
+    Name              Method   Path
+    ----------------  -------  --------------
+    app_lucky_number  ANY      /lucky/number
+    ----------------  -------  --------------
 
 You will also see debugging routes besides ``app_lucky_number`` -- more on
 the debugging routes in the next section.
diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst
@@ -2945,7 +2945,7 @@ If not set, ``php.ini``'s `session.cookie_path`_ directive will be relied on.
 cookie_samesite
 ...............
 
-**type**: ``string`` or ``null`` **default**: ``null``
+**type**: ``string`` or ``null`` **default**: ``'lax'``
 
 It controls the way cookies are sent when the HTTP request did not originate
 from the same domain that is associated with the cookies. Setting this option is
diff --git a/reference/forms/types/options/empty_data_description.rst.inc b/reference/forms/types/options/empty_data_description.rst.inc
@@ -12,8 +12,8 @@ when no value is selected, you can do it like this::
     ]);
 
 This will still render an empty text box, but upon submission the ``John Doe``
-value will be set. Use the ``data`` or ``placeholder`` options to show this
-initial value in the rendered form.
+value will be set. Use the ``data`` option or the ``placeholder`` key of the
+``attr`` option to show this initial value in the rendered form.
 
 .. note::
 
diff --git a/routing.rst b/routing.rst
@@ -274,6 +274,13 @@ given value:
             {
                 // ...
             }
+
+            // You can also pass an array of environments
+            #[Route('/tools', name: 'tools', env: ['dev', 'test'])]
+            public function developerTools(): Response
+            {
+                // ...
+            }
         }
 
     .. code-block:: yaml
@@ -312,6 +319,10 @@ given value:
             }
         };
 
+.. versionadded:: 7.4
+
+    The ability to pass an array of environments to the ``env`` argument was introduced in Symfony 7.4.
+
 .. _routing-matching-expressions:
 
 Matching Expressions
@@ -487,20 +498,23 @@ evaluates them:
 
     $ php bin/console debug:router
 
-    ----------------  -------  -------  -----  --------------------------------------------
-    Name              Method   Scheme   Host   Path
-    ----------------  -------  -------  -----  --------------------------------------------
-    homepage          ANY      ANY      ANY    /
-    contact           GET      ANY      ANY    /contact
-    contact_process   POST     ANY      ANY    /contact
-    article_show      ANY      ANY      ANY    /articles/{_locale}/{year}/{title}.{_format}
-    blog              ANY      ANY      ANY    /blog/{page}
-    blog_show         ANY      ANY      ANY    /blog/{slug}
-    ----------------  -------  -------  -----  --------------------------------------------
+    ----------------  -------  --------------------------------------------
+    Name              Method   Path
+    ----------------  -------  --------------------------------------------
+    homepage          ANY      /
+    contact           GET      /contact
+    contact_process   POST     /contact
+    article_show      ANY      /articles/{_locale}/{year}/{title}.{_format}
+    blog              ANY      /blog/{page}
+    blog_show         ANY      /blog/{slug}
+    ----------------  -------  --------------------------------------------
 
     # pass this option to also display all the defined route aliases
     $ php bin/console debug:router --show-aliases
 
+    # pass this option to also display the associated controllers with the routes
+    $ php bin/console debug:router --show-controllers
+
     # pass this option to only display routes that match the given HTTP method
     # (you can use the special value ANY to see routes that match any method)
     $ php bin/console debug:router --method=GET
diff --git a/security.rst b/security.rst
@@ -2517,6 +2517,49 @@ that is thrown with the ``exceptionCode`` argument::
         // ...
     }
 
+You can also extend the ``IsGranted`` attribute to create meaningful shortcuts::
+
+    // src/Security/Attribute/IsAdmin.php
+    // ...
+
+    use Symfony\Component\Security\Http\Attribute\IsGranted;
+
+    class IsAdmin extends IsGranted
+    {
+        public function __construct()
+        {
+            return parent::__construct('ROLE_ADMIN');
+        }
+    }
+
+.. versionadded:: 7.4
+
+    The :class:`Symfony\\Component\\Security\\Http\\Attribute\\IsGranted`
+    attribute is extendable since Symfony 7.4.
+
+You can restrict access validation to specific HTTP methods
+by using the ``methods`` argument::
+
+    // src/Controller/AdminController.php
+    // ...
+
+    use Symfony\Component\Security\Http\Attribute\IsGranted;
+
+    #[IsGranted('ROLE_ADMIN', methods: 'POST')]
+    class AdminController extends AbstractController
+    {
+        // You can also specify an array of methods
+        #[IsGranted('ROLE_SUPER_ADMIN', methods: ['GET', 'PUT'])]
+        public function adminDashboard(): Response
+        {
+            // ...
+        }
+    }
+
+.. versionadded:: 7.4
+
+    The ``methods`` argument was introduced in Symfony 7.4.
+
 .. _security-template:
 
 Access Control in Templates
