Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[Security] Rework firewall access denied rule#34476
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
baa448e toc573f66Comparenesk commentedNov 21, 2019
Rebased the commit to define@dimabory as the author of the commit. |
c573f66 to9954f18CompareNyholm commentedMay 3, 2020
Thank you for this PR. I've been researching this for about 45 minutes now. This is the wrong approach Im afraid. The AccesDeniedHandler should only be called when an authenticated users is trying to access a resource they are not allowed to access. If an anonymous user is trying to access a protected resource, then a I madesymfony/symfony-docs#13615 to avoid confusion. |
It's currently impossible to provide a AccessDeniedHandler to Symfony, it will just be ignored. See#28229 for details.
@dimabory submitted a PR (#30423) to fix this, which was merged, but then reverted (#31142) due to a BC break in 3.4 branch (#31136).
Since the bug reported in#28229 still exists, I was planning to do a PR in the master branch before the 5.0 release, however time passed and I didn't see it would be released that soon. I hope this could still be merged as a hotfix in the 5.0 branch (despite the BC break) since I find this bugreally annoying.