Permalink
Browse files

feature #3883 Removed redundant POST request exclusion info (ryancastle)

This PR was submitted for the 2.4 branch but it was merged into the 2.3 branch instead (closes #3883).

Discussion
----------

Removed redundant POST request exclusion info

The default ``ExceptionListener::setTargetPath()`` already excludes POSTs/PUTs, so suggesting that people should implement their own listener to do this is a bit misleading.

However, doing this to prevent XMLHttpRequest URIs from being saved is still valuable.

Commits
-------

01fc656 Added comma after "For example"
c633f6b Improved clarity of explanation around overriding setTargetPath()
556365b Removed redundant POST request exclusion info
  • Loading branch information...
weaverryan committed Aug 19, 2014
2 parents c4eb628 + a409349 commit 041105c438f5f5072cbe6ceb380212412a2c5ef6
Showing with 6 additions and 5 deletions.
  1. +6 −5 cookbook/security/target_path.rst
@@ -10,9 +10,9 @@ the name of the firewall, defined in ``security.yml``). Upon a successful
login, the user is redirected to this path, as to help them continue from the
last known page they visited.
On some occasions, this is unexpected. For example when the last request
URI was an HTTP POST against a route which is configured to allow only a POST
method, the user is redirected to this route only to get a 404 error.
In some situations, this is not ideal. For example, when the last request
URI was an XMLHttpRequest which returned a non-HTML or partial HTML response,
the user is redirected back to a page which the browser cannot render.
To get around this behavior, you would simply need to extend the ``ExceptionListener``
class and override the default method named ``setTargetPath()``.
@@ -56,9 +56,10 @@ Next, create your own ``ExceptionListener``::
{
protected function setTargetPath(Request $request)
{
// Do not save target path for XHR and non-GET requests
// Do not save target path for XHR requests
// You can add any more logic here you want
if ($request->isXmlHttpRequest() || 'GET' !== $request->getMethod()) {
// Note that non-GET requests are already ignored
if ($request->isXmlHttpRequest()) {
return;
}

0 comments on commit 041105c

Please sign in to comment.