NotificationsYou must be signed in to change notification settings
Fork9.6k
Star30.4k

[HttpFoundation]`#[IsSignatureValid]` attribute#60395

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Open

santysisi wants to merge1 commit intosymfony:7.4

base:7.4

Choose a base branch

fromsantysisi:feature/verify-signature-attribute

Open

[HttpFoundation]`#[IsSignatureValid]` attribute#60395

santysisi wants to merge1 commit intosymfony:7.4fromsantysisi:feature/verify-signature-attribute

+507 −2

Conversation

Copy link

Contributor

santysisi commentedMay 9, 2025•
edited
Loading

Q	A
Branch?	7.4
Bug fix?	no
New feature?	yes
Deprecations?	no
Issues	Feature#60189
License	MIT

✨ New Feature:`#[IsSignatureValid]` Attribute

This attribute simplifies signature verification by applying it declaratively at the controller level.

✅ Usage Examples

#[IsSignatureValid]// Default behavior: returns 404 on failurepublicfunction someAction():Response

#[IsSignatureValid(validationFailedStatusCode:401)]// Customize failure status codepublicfunction someAction():Response

🔥 Advanced Usage (with#60102)

When throw: true is passed, exceptions are thrown instead of returning responses directly:

#[IsSignatureValid(throw:true)]publicfunction someAction():Response

santysisi requested a review fromchalasr as acode owner

May 9, 2025 21:24

carsonbot added Status: Needs Review Feature HttpFoundation labels

May 9, 2025

carsonbot added this to the7.3 milestone

May 9, 2025

santysisi force-pushed thefeature/verify-signature-attribute branch 5 times, most recently from4730169 toc72ef83Compare

May 9, 2025 22:27

Copy link

ContributorAuthor

santysisi commentedMay 9, 2025•
edited
Loading

Hi 👋
I'll update this version7.3 to7.4 once the new minor dev version is released.

Edit: I updated thisversion to 7.3 because I need thismethod fromUriSigner.

94noni reviewed

May 10, 2025

View reviewed changes

src/Symfony/Component/Security/Http/EventListener/IsSignatureValidAttributeListener.phpShow resolvedHide resolved

Copy link

Member

kbond commentedMay 12, 2025

This is looking great@santysisi! I'll give it a more thorough review after 7.3 is released.

santysisi force-pushed thefeature/verify-signature-attribute branch fromc72ef83 to85320cfCompare

May 18, 2025 03:00

Copy link

ContributorAuthor

santysisi commentedMay 19, 2025

We could also consider adding an extra argument to the attribute calledmethods to restrict the validation to specific HTTP methods. This would align with the current behavior of theIsCsrfTokenValid attribute.

fabpot modified the milestones:7.3,7.4

May 26, 2025

feat(HttpKernel): add#[IsSignatureValid] attribute with exception-…

c000b69

…based handling

santysisi force-pushed thefeature/verify-signature-attribute branch from85320cf toc000b69Compare

May 29, 2025 23:01

Copy link

ContributorAuthor

santysisi commentedMay 30, 2025

We could also consider adding an extra argument to the attribute calledmethods to restrict the validation to specific HTTP methods. This would align with the current behavior of theIsCsrfTokenValid attribute.

Hi 👋 I'll update this version7.3 to7.4 once the new minor dev version is released.
Edit: I updated thisversion to 7.3 because I need thismethod fromUriSigner.

ready these 2 changes 🚀