How to get rid of the "You must configure the check path to be handled by the firewall" error with GET requests?

Time: 2022-10-16 12:43:53

When I am authenticating the usual way (using the login form), it works all right. I am getting this error only when /check_form is accessed via the GET method directly, in which case an exception is thrown:

You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.

Here is the relevant security.yml part:

firewalls:
    acme_area:
        pattern:    ^/(acme|admin)/
        provider: fos_userbundle
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            login_path: acme_login
            check_path: /acme/login_check
        logout:
            path: /acme/logout
            target: acme_login
        anonymous: true

I am using 2.3, thus no methods option is applicable (though I have no idea if it would help).

It is not really an issue as no proper usage could be spoiled by this error, but it pollutes the error log when some diligent bot is visiting the site and it's just untidy. So, I'd like to know which configuration option I can change to get rid of this error.

To boil this down, it seems that I want some 4xx error to be thrown instead of 500. Ideally it should be 405 Method Not Allowed, but 404 could do too.

EDIT:

As I learned from Alex's answer below, this happens because POST requests are handled by the firewall and GET requests by the controller. Thus, it seems that the default checkAction() has to be extended to be able to handle two cases:

  1. When the request is POST but no firewall entry is present (already handled)
  2. When the firewall entry is present but the request is GET (my case)

1 solution

#1


8  

There is no configuration option for that. If the request reaches the controller, it unconditionally throws the exception: credible source.

POST requests to the route are handled by the firewall: official docs; GET ones go to the controller as usual.

There are a few options to get rid of the error in the log, if you don't care about such events. The simplest one, in my opinion, is to override SecurityController::checkAction to return a 500 error without throwing an exception. The official docs on how to achieve it: Overriding Default FOSUserBundle Controllers.

EDIT:

In the controller you can return whatever code you like:

public function checkAction()
{
    return new Response('', 418); // or better use Response constants 
}

Another way is to disable the GET method for /acme/login_check in the routing config, and let the router do its job and return a normal 405 Method Not Allowed as usual.

EDIT2:

You can analyse the request in the action, and still throw an exception:

public function checkAction(Request $request)
{
    if ($request->getMethod() == Request::METHOD_POST) {
        throw new \RuntimeException('You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.');
    } else {
        return new Response('', Response::HTTP_METHOD_NOT_ALLOWED);
    }
}

but I would recommend to debug your routes instead. This logic should belong to the router, not controller. In the long run, your routing config will mislead devs who will maintain this code, and they will have several hard debugging hours trying to figure out why it returns 405, when app/console debug:router clearly states that GET method is allowed.
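
The routing-level option mentioned in the answer, as an added example that is not part of the original answer. The file location and the route name acme_login_check are assumptions; the path comes from the question's check_path, and the controller reference is FOSUserBundle's standard check action.

```yaml
# app/config/routing.yml (assumed location; the route name is hypothetical)

# Before: no method restriction, so GET /acme/login_check is routed to
# SecurityController::checkAction(), which throws the RuntimeException (HTTP 500).
# acme_login_check:
#     path:     /acme/login_check
#     defaults: { _controller: FOSUserBundle:Security:check }

# After: only POST matches this route. The firewall still intercepts the POST
# login submission on check_path, and the router answers any other method
# with 405 Method Not Allowed before the controller is reached.
acme_login_check:
    path:     /acme/login_check
    defaults: { _controller: FOSUserBundle:Security:check }
    methods:  [POST]
```

After the change, `app/console router:debug` (Symfony 2.3) should list the route with method POST only, so the routing table and the observed 405 agree.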
