[Security] Check post_only option and request method
This commit is contained in:
parent
b84b46ba1a
commit
6a01d3dd54
@ -50,6 +50,18 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
||||
$this->csrfProvider = $csrfProvider;
|
||||
}
|
||||
|
||||
/**
|
||||
* @{inheritdoc}
|
||||
*/
|
||||
protected function requiresAuthentication(Request $request)
|
||||
{
|
||||
if ($this->options['post_only'] && !$request->isMethod('post')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return parent::requiresAuthentication($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
|
Reference in New Issue
Block a user