Hi there!
After updating Symfony2 to PR8 I have noticed a strange issue. I would like
to let users log in using https only, so in my “security” config
section I have the following:
    ...
    access_control:
        - { path: /login, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
    ...
For some reason “requires_channel: https” causes a fatal error when I try to
access http://mydomain/login instead of redirecting to https as before. The
error is the following:

    Catchable fatal error: Argument 1 passed to
    Symfony\Component\Security\Http\EntryPoint\RetryAuthenticationEntryPoint::start()
    must be an instance of Symfony\Component\HttpFoundation\Request, instance
    of Symfony\Component\HttpKernel\Event\GetResponseEvent given, called in
    xxx\vendor\symfony\src\Symfony\Component\Security\Http\Firewall\ChannelListener.php
    on line 55 and defined in
    xxx\vendor\symfony\src\Symfony\Component\Security\Http\EntryPoint\RetryAuthenticationEntryPoint.php
    on line 38

<http://img859.imageshack.us/img859/5536/callstack.png>
When I remove “requires_channel: https” from my config file, everything
works just fine.
It looks like a Symfony bug, but if I’m wrong, could anyone please tell me
what I should change to bring my project back to life?
Another thing: Is it possible to add the https requirement to login check_path
only? Having the login form delivered via https makes no difference as the
only thing that needs to be secured is the raw password being sent to the
server.
Kind regards
Alexander
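
Added example, not part of the original post and not Symfony's own code: a stand-alone PHP model of what the access_control rule above is expected to do (redirect an http request to https instead of failing). It assumes "path" is treated as an unanchored regular expression with the first matching rule deciding; /login_check is a hypothetical check_path and the request list is constructed.

```php
<?php
// Simplified model of channel enforcement; this is NOT Symfony's ChannelListener.
// Assumptions: 'path' is an unanchored regex, and the first matching rule wins.

/**
 * Return the URL the client should be redirected to,
 * or null when the request may proceed on its current channel.
 */
function channelRedirect(array $rules, string $scheme, string $host, string $uri): ?string
{
    $path = parse_url($uri, PHP_URL_PATH) ?: '/';
    foreach ($rules as $rule) {
        if (!preg_match('{' . $rule['path'] . '}', rawurldecode($path))) {
            continue; // rule does not apply to this path
        }
        $required = $rule['requires_channel'] ?? null;
        if ($required === null || $required === $scheme) {
            return null; // first match decides; channel already satisfied
        }
        // Same host and URI, but on the required channel.
        return $required . '://' . $host . $uri;
    }
    return null; // no rule matched, nothing to enforce
}

// The rule from the post.
$rules = [
    ['path' => '/login', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'requires_channel' => 'https'],
];

// Constructed requests; "mydomain" is the host used in the post,
// "/login_check" is an assumed check_path.
$requests = [
    ['http',  '/login'],
    ['https', '/login'],
    ['http',  '/login_check'],
    ['http',  '/news'],
];

foreach ($requests as [$scheme, $uri]) {
    $target = channelRedirect($rules, $scheme, 'mydomain', $uri);
    printf("%-5s %-13s -> %s\n", $scheme, $uri, $target ?? 'pass through');
}
```

Under the unanchored-regex assumption the single /login rule also covers /login_check. A redirect on the check path is only issued after the browser has already sent the POST body over http, so the form's action has to point at the https URL for the password to stay off the plain channel.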