[Security] Only redirect to urls called with http method GET
This commit is contained in:
parent
4e1e08eff7
commit
3ce8227a9b
@ -172,7 +172,7 @@ class ExceptionListener
|
|||||||
protected function setTargetPath(Request $request)
|
protected function setTargetPath(Request $request)
|
||||||
{
|
{
|
||||||
// session isn't required when using http basic authentication mechanism for example
|
// session isn't required when using http basic authentication mechanism for example
|
||||||
if ($request->hasSession()) {
|
if ($request->hasSession() && 'GET' == $request->getMethod()) {
|
||||||
$request->getSession()->set('_security.target_path', $request->getUri());
|
$request->getSession()->set('_security.target_path', $request->getUri());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user