merged branch helmer/target_path (PR #2228)
Commits -------022a9a7
[Security] Make saving target_path extendible Discussion ---------- [Security] Make saving target_path extendible The problem lies in how Security component handles ``target_path`` - the latest request URI is always stored. This can lead to problems in following scenarios: a) The response type of the request is not HTML (think JSON, XML ..) b) The URI matches a route that does not listen to HTTP GET I opened a [PR](https://github.com/symfony/symfony/pull/604) months ago, to partly solve scenario A, which did not make it. Now I am proposing a different solution - user can extend ``ExceptionListener`` and override the logic behind setting the ``target_path`` to match his precise needs. In my simplified scenario, I would be using: ``` protected function setTargetPath(Request $request) { if ($request->isXmlHttpRequest() || 'GET' !== $request->getMethod()) { return; } $request->getSession()->set('_security.target_path', $request->getUri()); } ``` @Seldaek, @schmittjoh, @lsmith77, thoughts? --------------------------------------------------------------------------- by Seldaek at 2011/09/21 02:37:02 -0700 Seems like a better solution for flexibility's sake. Would be quite awesome if you could add a cookbook entry to symfony/symfony-docs about this, otherwise I'm afraid we'll have to explain it over and over again :) --------------------------------------------------------------------------- by helmer at 2011/09/21 03:38:57 -0700 [Cookbook](b22c5e666e
) entry done. Perhaps though I rushed ahead .. --------------------------------------------------------------------------- by Seldaek at 2011/09/21 03:52:01 -0700 Thanks. You can already do a pull request against symfony-docs, just reference this pull request in it so it's not merged before this is merged.
This commit is contained in:
parent
4983f0a18e
commit
6b367d1e3d
@ -157,11 +157,16 @@ class ExceptionListener
|
||||
$this->logger->debug('Calling Authentication entry point');
|
||||
}
|
||||
|
||||
$this->setTargetPath($request);
|
||||
|
||||
return $this->authenticationEntryPoint->start($request, $authException);
|
||||
}
|
||||
|
||||
protected function setTargetPath(Request $request)
|
||||
{
|
||||
// session isn't required when using http basic authentication mechanism for example
|
||||
if ($request->hasSession()) {
|
||||
$request->getSession()->set('_security.target_path', $request->getUri());
|
||||
}
|
||||
|
||||
return $this->authenticationEntryPoint->start($request, $authException);
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user