search

jdesrosiers / silex-cors-provider

A silex service provider that adds CORS services to silex
MIT License
78 stars 25 forks source link

Request matcher #18

Open cyberwolf opened 9 years ago

cyberwolf commented 9 years ago

When using the Silex security service provider, CORS preflight requests get halted by the firewall on secured paths.

It would be handy if this package could offer a RequestMatcher implementation to match these preflight requests and let them pass through the firewall. I could then configure the firewall as follows:

$app['security.firewalls'] = array(
    'authentication' => array(
        'pattern' => '^/auth',
    ),
    'cors-preflight' => array(
        'pattern' => $app['cors_preflight_request_matcher'],
    ),
    'secured' => array(
        'pattern' => '^.*$',
        'uitid' => true,
        'users' => $app['uitid_firewall_user_provider'],
    ),
);

I have some working code already in our project (https://github.com/cultuurnet/silex-uitid-provider/blob/master/src/Security/PreflightRequestMatcher.php), I'd be happy to extract it and contribute it through a pull request, unless you see a better way to accomplish this?

jdesrosiers commented 9 years ago

Great idea, @cyberwolf. I haven't worked much with the security provider, so I have to look into it a bit.