diff --git a/.github/workflows/integrate.yml b/.github/workflows/integrate.yml
index 31a87a9c..13c4ba8b 100644
--- a/.github/workflows/integrate.yml
+++ b/.github/workflows/integrate.yml
@@ -2,7 +2,11 @@
 
 name: "Integrate"
 
-on: [ push, pull_request ]
+on:
+    push:
+        branches:
+            - "*.x"
+    pull_request: null
 
 jobs:
   byte_level:
diff --git a/src/stimulus/Resources/assets/dist/controller.js b/src/stimulus/Resources/assets/dist/controller.js
index 3bbda2bb..cf800b5b 100644
--- a/src/stimulus/Resources/assets/dist/controller.js
+++ b/src/stimulus/Resources/assets/dist/controller.js
@@ -63,7 +63,11 @@ class default_1 extends Controller {
             headers: optionsHeaders,
             body: JSON.stringify(data),
         });
-        const attResp = await startRegistration(await resp.json());
+        const respJson = await resp.json();
+        if (respJson.excludeCredentials === undefined) {
+            respJson.excludeCredentials = [];
+        }
+        const attResp = await startRegistration(respJson);
         const responseHeaders = {
             'Content-Type': 'application/json',
         };
diff --git a/src/stimulus/Resources/assets/src/controller.ts b/src/stimulus/Resources/assets/src/controller.ts
index b1b152a9..5b202055 100644
--- a/src/stimulus/Resources/assets/src/controller.ts
+++ b/src/stimulus/Resources/assets/src/controller.ts
@@ -87,7 +87,11 @@ export default class extends Controller {
             body: JSON.stringify(data),
         });
 
-        const attResp = await startRegistration(await resp.json());
+        const respJson = await resp.json();
+        if (respJson.excludeCredentials === undefined) {
+            respJson.excludeCredentials = [];
+        }
+        const attResp = await startRegistration(respJson);
         const responseHeaders = {
             'Content-Type': 'application/json',
         };
diff --git a/tests/symfony/functional/Firewall/RegistrationAreaTest.php b/tests/symfony/functional/Firewall/RegistrationAreaTest.php
index b435abab..03243c5a 100644
--- a/tests/symfony/functional/Firewall/RegistrationAreaTest.php
+++ b/tests/symfony/functional/Firewall/RegistrationAreaTest.php
@@ -5,6 +5,7 @@
 namespace Webauthn\Tests\Bundle\Functional\Firewall;
 
 use Cose\Algorithms;
+use const JSON_THROW_ON_ERROR;
 use function Safe\base64_decode;
 use function Safe\json_decode;
 use function Safe\json_encode;
@@ -53,7 +54,7 @@ public function aRequestWithoutUsernameCannotBeProcessed(): void
             'HTTP_HOST' => 'test.com',
         ], json_encode($content));
         $response = $this->client->getResponse();
-        $data = json_decode($response->getContent(), true);
+        $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertArrayHasKey('status', $data);
         static::assertSame('error', $data['status']);
@@ -75,7 +76,7 @@ public function aRequestWithoutDisplayNameCannotBeProcessed(): void
             'HTTP_HOST' => 'test.com',
         ], json_encode($content));
         $response = $this->client->getResponse();
-        $data = json_decode($response->getContent(), true);
+        $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertArrayHasKey('status', $data);
         static::assertSame('error', $data['status']);
@@ -104,7 +105,7 @@ public function aValidRequestProcessed(): void
             'HTTP_HOST' => 'test.com',
         ], json_encode($content));
         $response = $this->client->getResponse();
-        $data = json_decode($response->getContent(), true);
+        $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertArrayHasKey('status', $data);
         static::assertSame('ok', $data['status']);
@@ -141,7 +142,7 @@ public function aValidRequestProcessedOnOtherHost(): void
             'HTTP_HOST' => 'foo.com',
         ], json_encode($content));
         $response = $this->client->getResponse();
-        $data = json_decode($response->getContent(), true);
+        $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertArrayHasKey('status', $data);
         static::assertSame('ok', $data['status']);
@@ -183,7 +184,7 @@ public function aValidRequestProcessedWithExtensions(): void
             'HTTP_HOST' => 'test.com',
         ], json_encode($content));
         $response = $this->client->getResponse();
-        $data = json_decode($response->getContent(), true);
+        $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertArrayHasKey('status', $data);
         static::assertSame('ok', $data['status']);
@@ -222,7 +223,7 @@ public function aRegistrationOptionsRequestCanBeAcceptedForExistingUsers(): void
             'HTTP_HOST' => 'test.com',
         ], json_encode($content));
         $response = $this->client->getResponse();
-        $data = json_decode($response->getContent(), true);
+        $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertArrayHasKey('status', $data);
         static::assertSame('ok', $data['status']);
@@ -241,11 +242,11 @@ public function aRegistrationResultRequestCannotBeAcceptedIfNoOptionsAreAvailabl
             'HTTP_HOST' => 'test.com',
         ], $content);
         $response = $this->client->getResponse();
-        $data = json_decode($response->getContent(), true);
+        $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertArrayHasKey('status', $data);
         static::assertSame('error', $data['status']);
-        static::assertSame(401, $this->client->getResponse()->getStatusCode());
+        self::assertResponseStatusCodeSame(401);
         static::assertArrayHasKey('errorMessage', $data);
         static::assertSame('No public key credential options available for this session.', $data['errorMessage']);
     }
@@ -282,7 +283,7 @@ public function aValidRegistrationResultRequestIsCorrectlyManaged(): void
             'HTTP_HOST' => 'localhost',
         ], $content);
         $response = $this->client->getResponse();
-        $data = json_decode($response->getContent(), true);
+        $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertArrayHasKey('status', $data);
         static::assertSame('ok', $data['status']);
diff --git a/tests/symfony/functional/Firewall/SecuredAreaTest.php b/tests/symfony/functional/Firewall/SecuredAreaTest.php
index d48b10d7..33f52af5 100644
--- a/tests/symfony/functional/Firewall/SecuredAreaTest.php
+++ b/tests/symfony/functional/Firewall/SecuredAreaTest.php
@@ -81,7 +81,7 @@ public function aUserCannotBeBeAuthenticatedInAbsenceOfOptions(): void
             'HTTP_HOST' => 'test.com',
         ], $assertion);
 
-        static::assertSame(Response::HTTP_UNAUTHORIZED, $this->client->getResponse()->getStatusCode());
+        self::assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
         static::assertSame(
             '{"status":"error","errorMessage":"No public key credential options available for this session.","errorCode":15}',
             $this->client->getResponse()