Hey guys- Agreed, I have the same thought - it seems like we should be able to "validate-away" a few of these non-sense configuration problems. The only thing to keep in mind is not validating against legitimate edge cases (though I also don't want edge cases to kill the usability of the other 99%).
On the redirect loop, would it be possible for the system to check and see if the page is being redirected to the exact same page? Again, I'm trying to think of what legitimate edge cases that would screw up. But, if we could do that - we could probably have a pretty good exception message. I'm not sure about the additional parameter - it just doesn't feel right, but it would get the job done. I'm going to focus on writing the docs first, but I wanted to keep this topic current and see if anyone has some time to look into any points that they find particularly painful. Thanks! Ryan Weaver US Office Head & Trainer - KnpLabs - Nashville, TN http://www.knplabs.com <http://www.knplabs.com/en> http://www.thatsquality.com Twitter: @weaverryan On Sun, Apr 24, 2011 at 5:55 AM, Miha Vrhovnik <[email protected]>wrote: > As for the redirect loop, not sure we can do much about that, except if we >> enable anonymous access by default (aka requiring to disable it). >> > I don't know enough of the internals but couldn't we add additional > parameter on login redirect? and if that parameter is present the next time > throw an exception? > > Regards, > miha > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/symfony-devs?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
