minor #19060 [Security] Add post method attribute to json login (vincent-the-oz)

javiereguiluz · javiereguiluz · commit 4dfdbf038b3d · 2024-01-17T16:07:33.000+01:00
This PR was merged into the 5.4 branch. Discussion ---------- [Security] Add post method attribute to json login With json login, restrict the api/login route to post method only. Commits ------- 06127bf Add post method attribute to json login
diff --git a/security.rst b/security.rst
@@ -1054,7 +1054,7 @@ token (or whatever you need to return) and return the JSON response:
 
       class ApiLoginController extends AbstractController
       {
-          #[Route('/api/login', name: 'api_login')]
+          #[Route('/api/login', name: 'api_login', methods: ['POST'])]
     -     public function index(): Response
     +     public function index(#[CurrentUser] ?User $user): Response
           {

Original file line number	Diff line number	Diff line change
`@@ -1054,7 +1054,7 @@ token (or whatever you need to return) and return the JSON response:`
`1054`	`1054`
`1055`	`1055`	`class ApiLoginController extends AbstractController`
`1056`	`1056`	`{`
`1057`		`- #[Route('/api/login', name: 'api_login')]`
	`1057`	`+ #[Route('/api/login', name: 'api_login', methods: ['POST'])]`
`1058`	`1058`	`- public function index(): Response`
`1059`	`1059`	`+ public function index(#[CurrentUser] ?User $user): Response`
`1060`	`1060`	`{`