5

Following this tutorial i'm developing a web application using symfony authentication/authorization architecture.

After designing the whole structure (routes, pages and security levels) i'm stuck: how can i develop my pages without enter credentials all the time? Is there any way to disable or turn off the entire firewall functionality? Should i use data fixtures?

Steven Mercatante
  • 24,757
  • 9
  • 65
  • 109
gremo
  • 47,186
  • 75
  • 257
  • 421

2 Answers2

6

In your app/config/security.yml file, under the firewalls config option add or modify the dev...

firewalls:
    dev:
        pattern:  ^/
        security: false
JamesHalsall
  • 13,224
  • 4
  • 41
  • 66
3

The security.firewalls.dev: configuration is used in every Symfony environment (dev,test,prod)!

In Symfony 4, to achieve disabling firewalls for all routes in just dev environment, you could do something like this:

Setup:

config/packages/security.yaml:

parameters:
    # Adds a fallback SECURITY_DEV_PATTERN if the env var is not set.
    env(SECURITY_DEV_PATTERN): '^/(_(profiler|wdt)|css|images|js)/'

security:
    firewalls:
        dev:
            pattern: '%env(SECURITY_DEV_PATTERN)%'
            security: false

Override per Symfony environment:

create a new file config/packages/dev/parameters.yaml:

parameters:
    env(SECURITY_DEV_PATTERN): '^/'

Now all routes are reachable without firewall in Symfony dev environ

Override using environment variables:

You could also override SECURITY_DEV_PATTERN in the .env file:

SECURITY_DEV_PATTERN=^/

This only works if you don't include the .env in your production environment, or if you specifically override the SECURITY_DEV_PATTERN environment variable there as well.

Kim
  • 1,757
  • 1
  • 17
  • 32