[MultiDomainBundle] Update the MultiDomainBundle documentation + remove extra parameters from request _route_params #643
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I removed the extra
_route_params
because if you generate a url/path with the current request_route_params
you can expose sensitive information. For example when you have defined different api credentials for each host.When you have
and in twig you do
{{ url(app.request.attributes.get('_route'), app.request.attributes.get('_route_params')) }}
visitors will see
http://domain.com/contact?_extra[api_passwordl]=abc123