You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
UsernamePasswordJsonAuthenticationListener seems to "high-jack" every request. While the documentation http://symfony.com/doc/master/security/json_login_setup.html seems to imply it supports things like check_path I do not see this in the code at all. It might make sense to extend from AbstractAuthenticationListener. At the very least the listener should check the Content-Type header if its a json request.
The text was updated successfully, but these errors were encountered:
…r (chalasr)
This PR was squashed before being merged into the 3.3-dev branch (closes#22425).
Discussion
----------
[Security] Allow to set a check_path on json_login listener
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no, master only
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21948, ~~#22423~~
| License | MIT
| Doc PR | n/a
The listener should allow to restrict authentication to a given check_path, as stated in the docs http://symfony.com/doc/master/security/json_login_setup.html
Commits
-------
9f7eb61 [Security] Allow to set a check_path on json_login listener
#18952
UsernamePasswordJsonAuthenticationListener
seems to "high-jack" every request. While the documentation http://symfony.com/doc/master/security/json_login_setup.html seems to imply it supports things likecheck_path
I do not see this in the code at all. It might make sense to extend fromAbstractAuthenticationListener
. At the very least the listener should check theContent-Type
header if its a json request.The text was updated successfully, but these errors were encountered: