I have simple login page and security set up like this:
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
use_referer: true
always_use_default_target_path: true
default_target_path: /
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_ADMIN }
And in my base.html.twig file I have
{% stylesheets '@BrStgCcBundle/Resources/public/css/bootstrap.css' %}
<link rel="stylesheet" href="{{ asset_url }}" />
{% endstylesheets %}
And including those file works only if I'm authorized in app. So after login the system finds this asset, but before not it does not, and when I follow generated link by assetic I'm redirected to login page.
In view the link looks like this:
<link rel="stylesheet" href="/app_dev.php/css/026adfc_bootstrap_1.css" />
This file existin on drive, and when called when logged shows proper CSS when not logged it redirects me to login page.
This is normal. You are saying that everything under the root dir (pattern: ^/) is behind the main firewall and that to access these files you need to be an admin (path: ^/, role: ROLE_ADMIN). So you need to set another rule and say that the css directory can be accessed anonymously:
- { path: ^/css, role: IS_AUTHENTICATED_ANONYMOUSLY }