fixed csrf validation

Author: yceruto

src/Form/Extension/Core/Type/FormFlowType.php

@@ -4,6 +4,8 @@
 
 use Symfony\Component\Form\Extension\Core\Type\FormType;
 use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\Form\FormEvent;
+use Symfony\Component\Form\FormEvents;
 use Symfony\Component\Form\FormInterface;
 use Symfony\Component\Form\FormView;
 use Symfony\Component\OptionsResolver\Exception\MissingOptionsException;
@@ -38,6 +40,8 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
 
         $builder->setDataStorage($options['data_storage'] ?? new NullDataStorage());
         $builder->setStepAccessor($options['step_accessor']);
+
+        $builder->addEventListener(FormEvents::PRE_SUBMIT, $this->onPreSubmit(...), -100);
     }
 
     public function buildView(FormView $view, FormInterface $form, array $options): void
@@ -105,4 +109,14 @@ public function getParent(): string
     {
         return FormType::class;
     }
+
+    public function onPreSubmit(FormEvent $event): void
+    {
+        /** @var FormFlowInterface $flow */
+        $flow = $event->getForm();
+
+        if ($flow->getClickedActionButton()?->isClearSubmission()) {
+            $event->setData([]);
+        }
+    }
 }

src/Form/Flow/FormFlow.php

@@ -46,10 +46,6 @@ public function submit(mixed $submittedData, bool $clearMissing = true): static
 
         $this->setClickedActionButton($submittedData, $this);
 
-        if ($this->clickedActionButton?->isClearSubmission()) {
-            $submittedData = [];
-        }
-
         parent::submit($submittedData, $clearMissing);
 
         if (!$this->clickedActionButton || !$this->isSubmitted() || !$this->isValid()) {