NathanVss February 2016

symfony2 access control on assets

For some reason ( AngularJS top secret js files ) I need to put behind a firewall my resources. But I don't know how to setup that the symfony way. I already tried to set a access_control on /web/myresources.js but the kernel does not handle it.

I'd like to do something like this :

- { path: ^/assets/admin/, role: ROLE_ADMIN }

To protect, for example : "/assets/admin/js/app.js".

Any ideas ? Thank you.

EDIT : I created a bundle to achieve that. It is not documented yet, but here is the repo :

https://github.com/NathanVss/resources-firewall-bundle

Answers


Wouter J February 2016

Symfony firewall can only work on URIs managed by Symfony. Assets are static files and are not routed through Symfony.

Use web server config to protect such routes. For instance, by protecting directory index listings in Apache:

Create a .htaccess file with the following:

Options -Indexes

Or by disabling autoindex in nginx:

Syntax:  autoindex on | off;
Default: autoindex off;
Context: http, server, location

Enables or disables the directory listing output.

Post Status

Asked in February 2016
Viewed 1,530 times
Voted 8
Answered 1 times

Search




Leave an answer