Improve a security related exception #45913
Comments
|
If we were able to know the firewall name, we would not need the exception at all. Except in advanced setups, the provider key is precisely the firewall name. |
|
@stof I'm sorry but I don't fully understand your comment. Are you saying that we can't (for some technical reasons) improve the exception message with more details ... or are you saying that we shouldn't do that? Thanks! |
|
The message is saying "We can't figure out the firewall, so we can't find the logout listener to use" (but with technical terms like "provider key"). We can improve the message to no longer use the outdated terms like "provider key", but we can't add the firewall name, because that's exactly what is missing here. If I read the code correctly, 2 scenarios can produce this error:
Maybe we can also add this to the exception message? |
|
Thank you for this issue. |
|
Friendly ping? Should this still be open? I will close if I don't hear anything. |
|
I created PR to manage these 2 cases as suggested by @wouterj |
Uh oh!
There was an error while loading. Please reload this page.
Description
Via an issue in a third-party bundle I've seen that there's a security-related exception message that could be improved:
symfony/src/Symfony/Component/Security/Http/Logout/LogoutUrlGenerator.php
Line 150 in f3ec7a0
The exception message mentions which is the problem, but it's not very precise about the possible solution. A better exception message would mention the name of the firewall to configure and the exact config option name that should be added or updated.
Thanks!
The text was updated successfully, but these errors were encountered: