On Tuesday, April 5, 2011 9:48:25 PM UTC+2, pzwosta wrote: > > Hi Dennis, > > I had similar problems and made these mistakes: > > - the login-form has to post the content (not method="get") > - instead of pattern: ^/login now I use pattern ^/login$ (don't know > why) >
The fix is to remove the login firewall entirely and add "anonymous: true" to the default firewall (pattern: ^/). Apparently in PR8 the _security_check was intercepted by the security component in general whereas it looks like in PR10 it is only intercepted if e.g. form_login is defined in the matching firewall. Regards, Dennis -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
