CSRF: the system is failing because the controller JsonLogin takes over after the login has been performed
Rebolon opened this issue · 0 comments
Rebolon commented
In fact, when the controller runs to do the CSRF checks, it's not good because the user is already logged in.
So when I throw an exception because the token is invalid, it's too late.
So I need to find another solution: maybe a new listener on Authentication that happens before the main Authentication system,
OR do a PR on Symfony Security to add the CSRF logic inside JSON_Login.
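One way to run the CSRF check before `json_login` authenticates, as an added example that is not code from this repository or from the issue author. It assumes Symfony 4.3+ (`RequestEvent`), and the login path, token id and header name are hypothetical placeholders.

```php
<?php
// Added example. LOGIN_PATH, TOKEN_ID and HEADER are assumed values:
// adapt them to the firewall's check_path and to the client code.

namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;

final class JsonLoginCsrfSubscriber implements EventSubscriberInterface
{
    private const LOGIN_PATH = '/login_json';  // assumed json_login check_path
    private const TOKEN_ID = 'authenticate';   // assumed CSRF token id
    private const HEADER = 'X-CSRF-Token';     // assumed request header

    private $csrfTokenManager;

    public function __construct(CsrfTokenManagerInterface $csrfTokenManager)
    {
        $this->csrfTokenManager = $csrfTokenManager;
    }

    public static function getSubscribedEvents(): array
    {
        // The security Firewall listens on kernel.request with priority 8.
        // Priority 9 makes this check run first, before the user is logged in.
        return [KernelEvents::REQUEST => ['onKernelRequest', 9]];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        $request = $event->getRequest();

        // Only guard the JSON login endpoint; every other request passes through.
        if (!$request->isMethod('POST') || $request->getPathInfo() !== self::LOGIN_PATH) {
            return;
        }

        $value = (string) $request->headers->get(self::HEADER, '');
        if (!$this->csrfTokenManager->isTokenValid(new CsrfToken(self::TOKEN_ID, $value))) {
            // Thrown before the firewall runs, so no authentication takes place.
            throw new AccessDeniedHttpException('Invalid CSRF token.');
        }
    }
}
```

Because the exception is raised during `kernel.request`, the firewall listener is never reached for a request with a bad token and the response is a 403.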