Firewall specific HTTP methods #1171

cuevae · 2015-06-06T15:42:13Z

I've found out that in the Symfony Security component you can restrict the firewall to be triggered upon a specific request (documentation).

In my case, for a certain endpoint of my API, I'd like the firewall to be triggered on a POST request but not on a GET request. Based on the documentation above I was planning to use something like the following when defining my security rules for Silex in a yaml file:

endpoint:
  pattern: ^/myendpoint/$
  methods: [GET]
  security: false
default:
  pattern: ^.*$
  oauth2: true

But, checking on how the SecurityServiceProvider will handle that config, I've realized that the methods entry will be ignored:

No check for methods key (code)
Request matcher built only with one param code when it could accept more code

Is this done for a particular reason or it's an oversight in Silex?
Could this behaviour be achieved in some other way?

The text was updated successfully, but these errors were encountered:

…re than just the URL (fabpot) This PR was merged into the 1.3 branch. Discussion ---------- updated the docs to show how to restrict a firewall by more than just the URL closes #1171 and #1044 Commits ------- 721043c updated the docs to show how to restrict a firewall by more than just the URL

fabpot added the feature-request label Aug 3, 2015

fabpot mentioned this issue Aug 3, 2015

updated the docs to show how to restrict a firewall by more than just the URL #1208

Merged

fabpot closed this as completed in #1208 Aug 3, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Firewall specific HTTP methods #1171

Firewall specific HTTP methods #1171

cuevae commented Jun 6, 2015

Firewall specific HTTP methods #1171

Firewall specific HTTP methods #1171

Comments

cuevae commented Jun 6, 2015