Sejanus

Reputation: 3323

Symfony Diem: how to secure whole frontend?

How can I secure the whole frontend site, given that the module responsible for login management (dmUser) is part of the frontend, so it cannot be called without login (eternal forwards)? And if I write my custom login module, it's still called via dmFront, i.e. within the "secure zone", and ends up with eternal forwards?

One solution would be making each and every front page secure individually, but that's not possible due to the specifics of this particular project.

Upvotes: 0

Views: 325

Answers (1)

Blair McMillan

Reputation: 5349

I don't know about Diem specifically, but typically you would edit apps/frontend/config/security.yml and set:

default:
  is_secure: true

And then set your actions that need to be insecure (login, forgot password, etc.) as is_secure: false. See the documentation, but as an example you could create /apps/frontend/your_module_that_handles_logins/config/security.yml and put:

Login:
  is_secure: false

Forgot_password:
  is_secure: false

And whatever other actions you need to not be secure.

Upvotes: 1
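
As an added illustration (not part of the answer above, and not symfony or Diem code), this Python sketch resolves the `is_secure` settings from the answer and lists which actions stay reachable without login once the application default is `is_secure: true`. The action lists, the `article` module and the case-insensitive key matching are assumptions of the example, the module-wide `all` key is symfony 1's and does not appear on the page, and the sample files are constructed.

```python
# Added example: audit which actions remain public under a default-secure policy.

def parse_security_yml(text):
    """Parse the two-level subset shown on this page: 'section:' then '  is_secure: value'."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not line.startswith(" "):
            # Top level: an action name, 'all' or 'default' (lower-cased: assumption).
            section = cfg.setdefault(key.strip().lower(), {})
        elif section is not None and key.strip() == "is_secure":
            section["is_secure"] = value.strip().lower() in ("true", "on", "yes")
    return cfg

def is_secure(app_cfg, module_cfg, action):
    """Most specific setting wins: action, then module 'all', then app 'default'."""
    scopes = (module_cfg.get(action.lower(), {}),
              module_cfg.get("all", {}),
              app_cfg.get("default", {}))
    for scope in scopes:
        if "is_secure" in scope:
            return scope["is_secure"]
    return False  # nothing configured anywhere: treated as not secured

def public_actions(app_cfg, modules):
    """modules maps name -> (module_cfg, [actions]); returns 'module/action' left public."""
    return sorted(f"{name}/{action}"
                  for name, (cfg, actions) in modules.items()
                  for action in actions
                  if not is_secure(app_cfg, cfg, action))

# Constructed sample input mirroring the two files in the answer.
APP = parse_security_yml("default:\n  is_secure: true\n")
LOGIN = parse_security_yml(
    "Login:\n  is_secure: false\n\nForgot_password:\n  is_secure: false\n")
MODULES = {
    "your_module_that_handles_logins": (LOGIN, ["login", "forgot_password", "profile"]),
    "article": ({}, ["index", "show"]),  # hypothetical module with no security.yml
}

if __name__ == "__main__":
    for entry in public_actions(APP, MODULES):
        print("public:", entry)
```

Every line it prints is an exemption from the login requirement, so the output should contain only the login-related actions that were opened on purpose.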
