Version 2.2.0 without ua-parser/uap-php #132

sgehrig · 2017-02-06T20:17:32Z

composer.json defines ua-parser/uap-php as a dev-dependency. Since version 2.2.0 (commit #815b5d762ae26db93195abc3c7cc1a9f09f75ee7) NelmioSecurityBundle doesn't work out of the box any more with the default configuration.

This happens because the new configuration setting

nelmio_security:
    csp:
        report_endpoint:
            filters:
                browser_bugs: true # default

requires the ua-parser/uap-php library to be installed. That's somehow inconsistent as the other setting that relies on the ua-parser/uap-php library

nelmio_security:
    csp:
        report/enforce:
            browser_adaptive:
                enabled: false # default

is disabled by default. The solution could be to

disable the browser_bugs filter by default
make the default setting for browser_bugs dependant on the availability of ua-parser/uap-php
require the ua-parser/uap-php library in composer.json

Does this make any sense?

The text was updated successfully, but these errors were encountered:

romainneutron · 2017-02-07T10:16:51Z

I propose solution 3 in #133

Fix #132: Add UAParser to dependencies

romainneutron closed this as completed in dd75181 Feb 7, 2017

romainneutron added a commit that referenced this issue Feb 7, 2017

Merge pull request #133 from romainneutron/fix-132

a5cad3b

Fix #132: Add UAParser to dependencies

stof mentioned this issue Jun 8, 2020

Is ua-parser/uap-php really optional dependency? #214

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Version 2.2.0 without ua-parser/uap-php #132

Version 2.2.0 without ua-parser/uap-php #132

sgehrig commented Feb 6, 2017 •

edited

Loading

romainneutron commented Feb 7, 2017

Version 2.2.0 without ua-parser/uap-php #132

Version 2.2.0 without ua-parser/uap-php #132

Comments

sgehrig commented Feb 6, 2017 • edited Loading

romainneutron commented Feb 7, 2017

sgehrig commented Feb 6, 2017 •

edited

Loading