MALIO-DEV/Inventory
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

chore(config): ajuster docker, cors et securite

Browse Source
This commit is contained in:
THOLOT DECHENE Matthieu
2026-01-11 17:06:25 +01:00
parent 15e0b23f15
commit 5222a6bbf9
10 changed files with 73 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/packages/api_platform.yaml
View File

@@ -2,6 +2,6 @@ api_platform:
title: Hello API Platform
version: 1.0.0
defaults:
stateless: true
stateless: false
cache_headers:
vary: ['Content-Type', 'Authorization', 'Origin']

4
config/packages/lexik_jwt_authentication.yaml Normal file
View File

@@ -0,0 +1,4 @@
lexik_jwt_authentication:
secret_key: '%env(resolve:JWT_SECRET_KEY)%'
public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
pass_phrase: '%env(JWT_PASSPHRASE)%'

3
config/packages/nelmio_cors.yaml
View File

@@ -4,7 +4,8 @@ nelmio_cors:
allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
allow_headers: ['Content-Type', 'Authorization']
allow_credentials: true
expose_headers: ['Link']
max_age: 3600
paths:
'^/': null
'^/api/': ~

15
config/packages/security.yaml
View File

@@ -29,10 +29,17 @@ security:
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
session_profile:
pattern: ^/api/session
stateless: false
session_api:
pattern: ^/api/(sites|machines|documents|profiles)
stateless: false
api:
pattern: ^/api
stateless: true
jwt: ~
stateless: false
main:
lazy: true
@@ -40,7 +47,9 @@ security:
# Note: Only the *first* matching rule is applied
access_control:
- { path: ^/api/login, roles: PUBLIC_ACCESS }
- { path: ^/api/session/profile, roles: PUBLIC_ACCESS }
- { path: ^/api/session/profiles, roles: PUBLIC_ACCESS }
- { path: ^/api, roles: PUBLIC_ACCESS }
- { path: ^/api/docs, roles: PUBLIC_ACCESS }
- { path: ^/api/test, roles: PUBLIC_ACCESS }
- { path: ^/docs, roles: PUBLIC_ACCESS }