My problem is like in the title.
In my project i tried to add HTTPS to /login and /admin routes. Both routes are imported from third party bundles: login from FOSUserBundle and admin from EasyAdminBundle. To achieve that I added requires_channel: https to the security.yml file, like it was described in this thread https://symfony.com/doc/current/security/force_https.html.
My access_control section looked like:
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN, requires_channel: https }
I started the site through built-in server to check if it will force https connection and it was. Obviously there was an error because symfony built-in server doesn't support ssl connections but in the address bar there was https://. I uploaded this version to the server and I wanted to continue working on the next functionality, so I deleted the requires_channel entry but when I launch the page by typing php bin/console server:start 0.0.0.0:80 and typing in the browser address bar localhost/admin symphony still forces https. My next guess was to change requires_channel: https to requires_channel: http but that did not work either.
The same happens on the production server, ie HTTPS is still enforced when requires_channel is removed or set to HTTP, but there i can live with that because in the end i will have to generate certificate and launch ssl connection in apache config files, but I can't work on dev version.
I looked for similar issues but mostly if threads was about symfony and HTTP or HTTPS, people asks how to force HTTPS but this I already did. I can't find similar problem to mine so please if someone have any idea what goes wrong feel free to response or if anyone already solved my problem or very similar one please paste links.
Full content of security.yml file:
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: "%router.request_context.scheme%" }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN, requires_channel: "%router.request_context.scheme%" }
Finally I managed to find solution for my problem.
As I suspected there was some data in system and browser cache, although I was clearing symfony cache, there still was some forcing https:// on login and admin routes.
What I done is clearing all possible cache using BleachBit, and now it works as it should.
Thank you all, for your time.