[FrameworkBundle] Fail gracefully when forms use disabled CSRF

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php

@@ -496,6 +496,10 @@ private function registerFormConfiguration(array $config, ContainerBuilder $cont
         }
 
         if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
+            if (!$container->hasDefinition('security.csrf.token_generator')) {
+                throw new \LogicException('To use form CSRF protection `framework.csrf_protection` must be enabled.');
+            }
+
             $loader->load('form_csrf.xml');
 
             $container->setParameter('form.type_extension.csrf.enabled', true);

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_csrf_disabled.php

@@ -0,0 +1,8 @@
+<?php
+
+$container->loadFromExtension('framework', [
+    'csrf_protection' => false,
+    'form' => [
+        'csrf_protection' => true,
+    ],
+]);

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" ?>
+
+<container xmlns="http://symfony.com/schema/dic/services"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:framework="http://symfony.com/schema/dic/symfony"
+    xsi:schemaLocation="http://symfony.com/schema/dic/services
+            https://symfony.com/schema/dic/services/services-1.0.xsd
+            http://symfony.com/schema/dic/symfony
+            https://symfony.com/schema/dic/symfony/symfony-1.0.xsd"
+>
+    <framework:config>
+        <framework:csrf-protection enabled="false"/>
+        <framework:form enabled="true">
+            <framework:csrf-protection enabled="true"/>
+        </framework:form>
+    </framework:config>
+</container>

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_csrf_disabled.yml

@@ -0,0 +1,4 @@
+framework:
+    csrf_protection: false
+    form:
+        csrf_protection: true

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php

@@ -84,6 +84,14 @@ public function testFormCsrfProtection()
         $this->assertEquals('%form.type_extension.csrf.field_name%', $def->getArgument(2));
     }
 
+    public function testFormCsrfProtectionWithCsrfDisabled()
+    {
+        $this->expectException(\LogicException::class);
+        $this->expectExceptionMessage('To use form CSRF protection `framework.csrf_protection` must be enabled.');
+
+        $this->createContainerFromFile('form_csrf_disabled');
+    }
+
     public function testPropertyAccessWithDefaultValue()
     {
         $container = $this->createContainerFromFile('full');