Symfony logout. Change target path protocol from HTTP to HTTPS

Question

My logout target path sends request by HTTP protocol. All on server works by HTTPS protocol. How to say that after logout redirect should be by HTTPS protocol?

Did you configured your `.htaccess` so it redirects http request to https? Like described here: https://stackoverflow.com/questions/13977851/htaccess-redirect-to-https-www — Fabian Schmick, Jul 14 '20 at 06:12

score 1 · Answer 1 · answered Jul 14 '20 at 06:46

There are two ways of doing this with Symfony 4.

Force HTTPS for an range of urls (Symfony Docs) with "requires_channel":

# config/packages/security.yaml
security:
    # ...

    access_control:
        # ...
        # catch all URLs starting with /api/user
        - { path: '^/api/user', roles: ROLE_USER, requires_channel: https }

Doing this for one Action as Annotation (Symfony Docs) with "schemes":

// src/Controller/SecurityController.php
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Routing\Annotation\Route;

class SecurityController extends AbstractController
{
    /**
     * @Route("/api/user/logout-end", name="api-user-logoutEnd", schemes={"https"})
     */
    public function apiUserLogoutEnd()
    {
        // ...
    }
}

It could be that "Logout" is https, but the following site is not. Then you can apply the methods on that route, too.

Symfony logout. Change target path protocol from HTTP to HTTPS

1 Answers1