[Security] Check post_only option and request method

src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php

@@ -50,6 +50,18 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
         $this->csrfProvider = $csrfProvider;
     }
 
+    /**
+     * @{inheritdoc}
+     */
+    protected function requiresAuthentication(Request $request)
+    {
+        if ($this->options['post_only'] && !$request->isMethod('post')) {
+            return false;
+        }
+
+        return parent::requiresAuthentication($request);
+    }
+
     /**
      * {@inheritdoc}
      */