Form Builder does not fully allow Ajax GET requests

Needs a test case to show this still.

Tests added. Note that I renamed 'testGetPostAjaxRequest' existing test to 'testPostAjaxRequest', otherwise the logical new test method name would have been 'testGetGetAjaxRequest', so I hope this makes sense.

Test coverage can be found https://git.drupalcode.org/issue/drupal-3423454/-/jobs/889193

Issue summary seems complete.

Reviewed the code and fix makes sense to me.

I applied my own suggestions but super nitpicky adding :void.

LGTM!

Thanks for the quick review! Suggested changes look good of course :)

This looks good. Those checks are for corrupted forms (incomplete submissions due to post_max_vars) and aren't supposed to enforce anything except more helpful error messages. Committed/pushed to 11.x, cherry-picked to 10.3.x and 10.2.x, thanks!

Thanks very much, really appreciate the quick turnaround!

Automatically closed - issue fixed for 2 weeks with no activity.

This change has caused a regression in our application.
I believe this is an edge case that's specific to our project (and a result of bad route argument naming), but I'm noting it here in case it would be helpful to anyone else.

We have a custom form controller and a route defined like this:

my_path:
  path: "/my-url/{some_param}"
  defaults:
    _controller: '\Drupal\my_module\Controller\CustomFormController::build'
    form_id: 'Drupal\my_module\Form\MyModuleFormClass'

Due to the change in this commit, the form_id may be now fetched from the request attributes (\Symfony\Component\HttpFoundation\Request::get), which caused the wrong form_id value to be fetched from the route attributes rather than from the request GET/POST parameters.

We've fixed this by changing the form_id argument to a different name (e.g. my_form_class) to avoid naming interference.