Thank you for your answer, but it's not the point. You're right, in theory, an AJAX request should not face an AccessDeniedException. But I'm just playing with the framework, and wanted to see the behavior "in case of".
So I throw my AccessDeniedException on purpose, for me to make a javascript code that is able to deal with this unusual case. I want it to catch the error and display a nice message to users. But currently, as I expect a JSON response but receive an HTML response (the login page), it's quite tough to deal with it and display an adequate error message. Question is: why Symfony is still redirecting to an HTML page when requesting a JSON format within an XHR request? And how to customize this behavior to make it display an "access denied" error in JSON format, without redirecting? -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
