8000 feature #10404 [Security] Match request based on HTTP methods in fire… · symfony/symfony@1e973b2 · GitHub
[go: up one dir, main page]
Skip to content

Commit 1e973b2

Browse files
fabpotfabpot
committed
feature #10404 [Security] Match request based on HTTP methods in firewall config (danez)
This PR was submitted for the 2.4 branch but it was merged into the 2.5-dev branch instead (closes #10404). Discussion ---------- [Security] Match request based on HTTP methods in firewall config | Q | A | ------------- | --- | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | symfony/symfony-docs#3681 For an api I had to work on, I was in the need to have different firewalls for different HTTP Methods. I started building my own ```RequestMatcher``` until I discovered, that the regular RequestMatcher is able to handle HTTP Methods. The only thing that is missing is the possibility to configure it in the firewall section of the configuration. (For access_control it is already possible) With this PR it is possible to do things like this: ```yaml security: firewalls: api_options: pattern: ^/ methods: [OPTIONS] security: false api: pattern: ^/ some_auth: true ``` I think this integrates quite nicely. Or is there any downside you can think of? If it is good to go, I'll open a PR for the docs. Commits ------- 2878757 Make it possible to match the request based on HTTP methods in the firewall configuration
2 parents f0c0c2c + a8e9ed5 commit 1e973b2

File tree

6 files changed

+10
-2
lines changed

6 files changed

+10
-2
lines changed

src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -201,6 +201,10 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
201201
$firewallNodeBuilder
202202
->scalarNode('pattern')->end()
203203
->scalarNode('host')->end()
204+
->arrayNode('methods')
205+
->beforeNormalization()->ifString()->then(function ($v) { return preg_split('/\s*,\s*/', $v); })->end()
206+
->prototype('scalar')->end()
207+
->end()
204208
->booleanNode('security')->defaultTrue()->end()
205209
->scalarNode('request_matcher')->end()
206210
->scalarNode('access_denied_url')->end()

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -254,7 +254,8 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
254254
} elseif (isset($firewall['pattern']) || isset($firewall['host'])) {
255255
$pattern = isset($firewall['pattern']) ? $firewall['pattern'] : null;
256256
$host = isset($firewall['host']) ? $firewall['host'] : null;
257-
$matcher = $this->createRequestMatcher($container, $pattern, $host);
257+
$methods = isset($firewall['methods']) ? $firewall['methods'] : array();
258+
$matcher = $this->createRequestMatcher($container, $pattern, $host, $methods);
258259
}
259260

260261
// Security disabled?

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -117,6 +117,7 @@ public function testFirewallRequestMatchers()
117117
array(
118118
'/test',
119119
'foo\\.example\\.org',
120+
array('GET', 'POST'),
120121
),
121122
), $matchers);
122123
}

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,7 @@
7474
'host' => array(
7575
'pattern' => '/test',
7676
'host' => 'foo\\.example\\.org',
77+
'methods' => array('GET', 'POST'),
7778
'anonymous' => true,
7879
'http_basic' => true,
7980
),

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@
5757
<logout />
5858
</firewall>
5959

60-
<firewall name="host" pattern="/test" host="foo\.example\.org">
60+
<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST">
6161
<anonymous />
6262
<http-basic />
6363
</firewall>

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ security:
5656
host:
5757
pattern: /test
5858
host: foo\.example\.org
59+
methods: [GET,POST]
5960
anonymous: true
6061
http_basic: true
6162

0 commit comments

Comments
 (0)
0