Assetic files in symfony are behind the firewall?

I have a simple login page and security set up like this:

firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            use_referer: true
            always_use_default_target_path: true
            default_target_path: /
        logout:       true
        anonymous:    true

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, role: ROLE_ADMIN }

And in my base.html.twig file I have:

{% stylesheets '@BrStgCcBundle/Resources/public/css/bootstrap.css' %}
    <link rel="stylesheet" href="{{ asset_url }}" />
{% endstylesheets %}

Including those files works only if I'm authorized in the app. After login the system finds this asset, but before login it does not, and when I follow the link generated by Assetic I'm redirected to the login page.

In view the link looks like this:

<link rel="stylesheet" href="/app_dev.php/css/026adfc_bootstrap_1.css" />

This file exists on the drive; when called while logged in it shows the proper CSS, and when not logged in it redirects me to the login page.

Pyroelectricity answered 27/8, 2012 at 19:25 Comment(0)
5

This is normal. You are saying that everything under the root dir (pattern: ^/) is behind the main firewall and that to access these files you need to be an admin (path: ^/, role: ROLE_ADMIN). So you need to set another rule and say that the css directory can be accessed anonymously:

- { path: ^/css, role: IS_AUTHENTICATED_ANONYMOUSLY }
Godewyn answered 27/8, 2012 at 21:24 Comment(2)
This is a lame solution. Use the dev firewall suggested in another answer. - Athletic
This is wrong, the real solution to the problem is as in Bartosz Rychlicki's answer. - Alwyn
18

Also I've found that this helps if added to security.yml:

firewalls:
    dev:
        pattern:    ^/(_profiler|_wdt|css|js|assets)
        security:   false
Pyroelectricity answered 28/8, 2012 at 8:15 Comment(2)
You shouldn't have removed it from security.yml in the first place. :P - Athletic
Note: the dev section under firewalls needs to be before the main section or whatever you named the section for security. - Inundate
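
Added example (not part of the original answers, and not Symfony's own code): a simplified Python model of first-match firewall and access_control resolution, using the patterns posted on this page. It shows why the asset is protected in the question's config, why the dev firewall only helps when listed before main, and that the dev pattern without a trailing slash also exempts any path that merely starts with /css. DEV_STRICT and the /cssadmin path are constructed for illustration, and the model assumes patterns are tested against the path with the front controller (/app_dev.php) stripped.

```python
import re

# Simplified model: the first firewall whose pattern matches handles the
# request, then the first matching access_control rule gives the required role.
# Tuples are (name, pattern, security_enabled); patterns come from this page.
MAIN = ("main", r"^/", True)
DEV = ("dev", r"^/(_profiler|_wdt|css|js|assets)", False)
# Assumption (not from the page): same pattern with a trailing slash added.
DEV_STRICT = ("dev", r"^/(_profiler|_wdt|css|js|assets)/", False)

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"
ACCESS_CONTROL = [
    (r"^/login$", ANON),
    (r"^/register", ANON),
    (r"^/resetting", ANON),
    (r"^/", "ROLE_ADMIN"),
]

def resolve(path, firewalls, access_control=ACCESS_CONTROL):
    """Return (firewall_name, required_role); role is None when the
    matching firewall has security disabled or no rule matches."""
    for name, pattern, secured in firewalls:
        if re.search(pattern, path):
            if not secured:
                return name, None  # security: false, nothing is enforced
            for rule, role in access_control:
                if re.search(rule, path):
                    return name, role
            return name, None
    return None, None

# Path of the asset URL from the question, front controller stripped.
CSS = "/css/026adfc_bootstrap_1.css"

if __name__ == "__main__":
    cases = {
        "question's config": [MAIN],
        "dev after main": [MAIN, DEV],
        "dev before main": [DEV, MAIN],
    }
    for label, fws in cases.items():
        print(f"{label:18} {CSS} -> {resolve(CSS, fws)}")
    # Constructed path: not an asset, but it starts with "/css".
    for fws in ([DEV, MAIN], [DEV_STRICT, MAIN]):
        print(f"{fws[0][1]:42} /cssadmin -> {resolve('/cssadmin', fws)}")
```

The same first-match rule applies to the access_control answer: a `^/css` rule only takes effect if it is placed above the `^/` rule.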