[Security] Check post_only option and request method
This commit is contained in:
parent
b84b46ba1a
commit
6a01d3dd54
|
@ -50,6 +50,18 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
||||||
$this->csrfProvider = $csrfProvider;
|
$this->csrfProvider = $csrfProvider;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @{inheritdoc}
|
||||||
|
*/
|
||||||
|
protected function requiresAuthentication(Request $request)
|
||||||
|
{
|
||||||
|
if ($this->options['post_only'] && !$request->isMethod('post')) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return parent::requiresAuthentication($request);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
|
|
Reference in New Issue