diff --git a/.gitignore b/.gitignore
index 79407a9..507425c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@
 /.env.local.php
 /.env.*.local
 /config/secrets/prod/prod.decrypt.private.php
+/config/reference.php
 /public/bundles/
 /var/
 /vendor/
diff --git a/config/packages/csrf.yaml b/config/packages/csrf.yaml
new file mode 100644
index 0000000..40d4040
--- /dev/null
+++ b/config/packages/csrf.yaml
@@ -0,0 +1,11 @@
+# Enable stateless CSRF protection for forms and logins/logouts
+framework:
+    form:
+        csrf_protection:
+            token_id: submit
+
+    csrf_protection:
+        stateless_token_ids:
+            - submit
+            - authenticate
+            - logout
diff --git a/config/packages/property_info.yaml b/config/packages/property_info.yaml
new file mode 100644
index 0000000..dd31b9d
--- /dev/null
+++ b/config/packages/property_info.yaml
@@ -0,0 +1,3 @@
+framework:
+    property_info:
+        with_constructor_extractor: true