BUGFIX: better security

2022-05-30 13:31:11 +02:00 · 2022-05-30 13:31:11 +02:00 · dd0635e35b
parent 01f385f6d5
commit dd0635e35b
2 changed files with 19 additions and 14 deletions
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -11,13 +11,13 @@ security:
                property: email
    firewalls:
        dev:
-            pattern: ^/(_(profiler|wdt)|css|images|js|health)/
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
-            pattern: ^/?(%enabled_locales%)/(login|login_check|health)(?=.*)
+            pattern: ^/?(%enabled_locales%)?/(health)$
            security: false
        main:
-            pattern: ^\/(.*)
+            pattern: ^/(.*)
            provider: app_user_provider
            form_login:
@ -41,5 +41,5 @@ security:
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
-        - { path: ^/(?!login|login_check|health)(?=.*), roles: ROLE_USER }
+        - { path: ^/?(%enabled_locales%)?/job, roles: ROLE_USER }
        # - { path: ^/profile, roles: ROLE_USER }
--- a/config/routes.yaml
+++ b/config/routes.yaml
@ -3,22 +3,27 @@ default:
  defaults:
    _controller: App\Controller\SecurityController::loginAction
 health:
  path: '/health'
  defaults:
    _controller: App\Controller\SiteController::healthAction
 login:
  path: '/{_locale}/login'
  defaults:
    _controller: App\Controller\SecurityController::loginAction
 login_check:
  path: '/login_check'
 logout:
  path: '/logout'
 health:
  path: '/health'
  defaults:
    _controller: App\Controller\SiteController::healthAction
 default_locale:
  path: '/{_locale}'
  defaults:
    _controller: App\Controller\SecurityController::loginAction
 login:
  path: '/{_locale}/login'
  defaults:
    _controller: App\Controller\SecurityController::loginAction
 job_index:
  path: '/{_locale}/job'
  defaults: