I have set up custom error pages to display for certain HTTP errors in the folder:
app/Resources/TwigBundle/views/Exception/
The 403 page (error403.html.twig) works and displays as expected.
The 500 page (error500.html.twig) works and displays as expected.
The 404 page (error404.html.twig) throws a 500 server error:
PHP Fatal error: Uncaught exception 'Symfony\Component\Routing\Exception\ResourceNotFoundException'
The error is being thrown by doing an auth check to display certain menu items for users that are or aren't authenticated:
{% if is_granted('IS_AUTHENTICATED_FULLY') %}
If I remove that check and just allow all menu items to display, the page loads the error page as expected. Again, the 403 page displays as it should and utilizes the auth checks without a problem.
I'm stuck on this one. The pages are EXACTLY the same, apart from the filename.
If Symfony < 2.8:
{% if app.user is not null and is_granted('ROLE_ADMIN') %}
See: https://github.com/symfony/symfony-docs/issues/2078
Edit from Dec 17 '15:
This is no longer needed since 2.8,
{% if is_granted('ROLE_ADMIN') %}
works fine now.
source: http://symfony.com/blog/new-in-symfony-2-8-dx-improvements#allow-to-check-for-security-even-in-pages-not-covered-by-firewalls
You can't use is_granted in a 404 page since 2.1.
It's mentioned in the upgrade file:
The Firewall listener is now registered after the Router listener. This means that specific Firewall URLs (like /login_check and /logout) must now have proper routes defined in your routing configuration. Also, if you have a custom 404 error page, make sure that you do not use any security related features such as is_granted on it.
See: https://github.com/symfony/symfony/blob/master/UPGRADE-2.1.md#security
I would suggest checking for app.security.token to be more strict and evaluate to true even when user is anonymous.
If you check for app.user it will evaluate to false in Exception templates, but even when the firewall is present (= regular templates) but the user is not logged in. This will prevent - for example - the display of a login button.
See: https://github.com/symfony/symfony-docs/pull/2359
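A regression check for the behaviour discussed in the answers above, as an added example that is not part of the original posts: a functional test asserting that an unmatched URL renders the custom 404 page instead of failing inside the template. It assumes a Symfony 2.x application with PHPUnit; the namespace, class name and URL are hypothetical.

```php
<?php
// Added example, not from the original posts.
// Assumes a Symfony 2.x application with PHPUnit installed.
// Namespace, class name and URL are hypothetical.

namespace AppBundle\Tests\Controller;

use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;

class ErrorPageTest extends WebTestCase
{
    public function testCustom404RendersWithoutSecurityToken()
    {
        // debug=false makes the kernel render the custom error404.html.twig
        // instead of the developer exception page.
        $client = static::createClient(array('debug' => false));

        // Hypothetical path that matches no route. The Router listener fails
        // before the Firewall listener runs, so no security token is set
        // when the error template is rendered.
        $client->request('GET', '/this-route-does-not-exist');

        $response = $client->getResponse();

        // If the template calls is_granted() without a guard on a Symfony
        // version where that is unsupported, this test fails: either the
        // exception escapes the kernel or the status is not 404.
        $this->assertSame(404, $response->getStatusCode());

        // The exception class name should never reach the visitor.
        $this->assertNotContains(
            'ResourceNotFoundException',
            $response->getContent()
        );
    }
}
```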