I would like to create a login form, and require https for all pages of my website.
My security.yml
looks like this:
access_control:
#- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/logout, roles: ROLE_USER }
It works, but if I remove the #
sign from the beginnig of the first line, the authentication stops working. The security system does not intercept the request. I have many lines in my access_control
, so it would be inpractical to define it for each page.
My main goal is: Require https for all pages. Each page should be only available for logged in users, except for login
, index
and a few
When Symfony read your access control, it takes the first path that match with the route called. So if you defined (as you did) the path ^/
(which match every routes) first, SF will just not read your login
or logout
access control. See this part of cookbook
If you want your website full https, I suggest to edit your nginx, apache config to redirect users who typed http
to https
:
# example with nginx
server {
listen 80;
server_name yourwebsite.com;
return 301 https://yourwebsite.com$request_uri;
}