On Wed, May 11, 2011 at 08:14, ryan weaver <[email protected]> wrote: > * When an AccessDeniedException is thrown - and when the user is fully > authenticated - > I believe the system just lets that exception be thrown and shows the > normal 500 page. Can we do a better job here? It seems like a 403 header > is much more appropriate. Also, a different access denied error template > would be great. In general, I believe customizing the error template > between > types of errors is currently non-trivial (but that's not a topic for > here).
This used to be the case. The improvements to twig are blocking the Security component from dealing with this exception properly. I reported this in trac prior to the move to github issues. http://trac.symfony-project.org/ticket/9734 -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
