symfony-csrf-protection-disabled
csrf_protection property to true.
symfony-permissive-cors
symfony-non-literal-redirect
The redirect() method does not check its destination in any way. If you redirect to a URL provided by end-users, your application may be open to the unvalidated redirects security vulnerability. Consider using literal values or an allowlist to validate URLs.
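
One way to apply the allowlist advice above before calling redirect(), as an added example that is not part of the rule or of Symfony itself. The function name safeRedirectTarget, the constant ALLOWED_REDIRECT_HOSTS and the example.com hosts are assumptions; str_starts_with() requires PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of hosts this application may redirect to (assumed values).
const ALLOWED_REDIRECT_HOSTS = ['app.example.com', 'accounts.example.com'];

/**
 * Return $target if it is safe to pass to redirect(), otherwise $fallback.
 * Accepts same-site absolute paths and https URLs whose host is allowlisted.
 */
function safeRedirectTarget(string $target, string $fallback = '/'): string
{
    // Reject whitespace, control characters and backslashes, which browsers may normalise.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target) === 1) {
        return $fallback;
    }

    // Local path: exactly one leading slash ("//host" is protocol-relative, so it is refused).
    if ($target[0] === '/') {
        return str_starts_with($target, '//') ? $fallback : $target;
    }

    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    // Userinfo before the host is never needed for a redirect target and obscures the real host.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    $host = strtolower($parts['host']);
    if (strtolower($parts['scheme']) !== 'https' || !in_array($host, ALLOWED_REDIRECT_HOSTS, true)) {
        return $fallback;
    }
    return $target;
}

// Constructed sample inputs; in a controller the result would be passed to $this->redirect().
$samples = ['/dashboard', 'https://app.example.com/x', '//other.test/', 'https://other.test/', 'http://app.example.com/'];
foreach ($samples as $input) {
    printf("%-28s => %s\n", $input, safeRedirectTarget($input));
}
```

Only the first two samples are returned unchanged; the other three fall back to "/".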