chore(config): ajuster docker, cors et securite

2026-01-11 17:06:25 +01:00
parent 15e0b23f15
commit 5222a6bbf9
10 changed files with 73 additions and 12 deletions
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -29,10 +29,17 @@ security:
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

+        session_profile:
+            pattern: ^/api/session
+            stateless: false
+
+        session_api:
+            pattern: ^/api/(sites|machines|documents|profiles)
+            stateless: false
+
        api:
            pattern: ^/api
-            stateless: true
-            jwt: ~
+            stateless: false

        main:
            lazy: true
@@ -40,7 +47,9 @@ security:

    # Note: Only the *first* matching rule is applied
    access_control:
-        - { path: ^/api/login, roles: PUBLIC_ACCESS }
+        - { path: ^/api/session/profile, roles: PUBLIC_ACCESS }
+        - { path: ^/api/session/profiles, roles: PUBLIC_ACCESS }
+        - { path: ^/api, roles: PUBLIC_ACCESS }
        - { path: ^/api/docs, roles: PUBLIC_ACCESS }
        - { path: ^/api/test, roles: PUBLIC_ACCESS }
        - { path: ^/docs, roles: PUBLIC_ACCESS }