Starseed/config/packages/security.yaml
tristan b93737391d
fix(core) : logout API renvoie 204 sans redirection
Le firewall répondait par une 302 (target /login). Le fetch front suivait le
Location absolu (host upstream du proxy « nginx » en dev) → ERR_NAME_NOT_RESOLVED
+ ~3s de timeout DNS. ApiLogoutSuccessListener rétrograde la réponse en 204 en
conservant le Set-Cookie qui efface BEARER.
2026-06-29 10:25:03 +02:00
security:
    role_hierarchy:
        # ROLE_ADMIN inherits everything granted to ROLE_USER.
        ROLE_ADMIN: [ROLE_USER]

    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'

    providers:
        app_user_provider:
            entity:
                class: App\Module\Core\Domain\Entity\User
                property: username

    firewalls:
        # Profiler, debug toolbar and static assets are served without any
        # security layer. The pattern is anchored at ^/ so it cannot match
        # application or API routes.
        dev:
            pattern: ^/(_profiler|_wdt|assets|build)/
            security: false

        # Stateless JSON login: credentials are posted to /login_check and the
        # lexik handlers produce the JWT response. Throttling limits each
        # client to 5 attempts per the configured interval.
        login:
            pattern: ^/login_check
            stateless: true
            provider: app_user_provider
            login_throttling:
                max_attempts: 5
                interval: '1 minute'
            json_login:
                check_path: /login_check
                username_path: username
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        # Stateless JWT firewall for everything under /api; `~` enables the
        # lexik jwt authenticator with its default options.
        api:
            pattern: ^/api
            stateless: true
            provider: app_user_provider
            jwt: ~
            # Stateless JWT API: no `target` (302 redirect) — logout returns
            # 204 via ApiLogoutSuccessListener. A redirect would build an
            # absolute URL from the Host header (in dev: the proxy upstream
            # "nginx", which the browser cannot resolve => ERR_NAME_NOT_RESOLVED
            # + ~3 s DNS timeout). The BEARER cookie is still cleared by
            # delete_cookies.
            logout:
                path: /api/logout
                # NOTE(review): with CSRF disabled, a cross-site request to
                # /api/logout clears the BEARER cookie (forced logout). Acceptable
                # for a stateless API, but worth confirming that the cookie is
                # issued with a SameSite attribute — that is configured where the
                # cookie is created, not in this file.
                enable_csrf: false
                # Browsers only drop a cookie whose name/path/domain match, so
                # this path must equal the one the BEARER cookie was issued with.
                delete_cookies:
                    BEARER:
                        path: /

    # Rules are matched top-down, first match wins: the public routes are
    # listed before the catch-all ^/api rule. /api/logout is not listed —
    # presumably handled by the firewall's logout listener before access
    # control applies; verify if logout ever returns 401.
    access_control:
        - { path: ^/login_check, roles: PUBLIC_ACCESS }
        - { path: ^/api/docs, roles: PUBLIC_ACCESS }
        - { path: ^/api/version, roles: PUBLIC_ACCESS, methods: [ GET ] }
        - { path: ^/api/modules, roles: PUBLIC_ACCESS, methods: [ GET ] }
        - { path: ^/api/sidebar, roles: PUBLIC_ACCESS, methods: [ GET ] }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

# Test environment only: low-cost hashing parameters (presumably to keep the
# suite fast); never applied outside when@test.
when@test:
    security:
        password_hashers:
            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
                algorithm: auto
                cost: 4
                time_cost: 3
                memory_cost: 10