Rebolon/php-sf-flex-webpack-encore-vuejs

CSRF: the system is failing coz the controller JsonLogin take the hand after the login has been realized

Rebolon opened this issue · 0 comments

In fact when the controller is running to do the csrf checks, it's not good because the user is already logged.
So when i throw an exception because the token is invlaid, it's too late.

So i need to find another solution : maybe a new listener on Authentification that happen before the main Authentification system
OR do a PR on Symfony Security to add the CSRF Logic inside JSON_Login