I'm setting up FOSJsRoutingBundle on my app. While doing this, I realized that the endpoint that returns all routes for the app was returning all the routes of my internal app. I was digging in the source code, and they didn't apply any filters based on user roles to the routes returned. This is a very insecure way of doing things: I can't reveal all the internal routing configuration of my app, because it will lead to a security breach if someone used, for example, Chrome DevTools to check for access to every route in my internal app. The question is: is there a way of accomplishing that, returning only the routes accessible to the current user?
How to get the routes available for the authenticated user
76 Views Asked by clcastro87 At
0
There are 0 best solutions below
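The filtering the question asks for, as an added example that is not part of the original post and is not FOSJsRoutingBundle code: a route map is reduced to the entries the current user's roles allow before it is serialized for the client. The `required_role` route option, the route names and the role hierarchy are hypothetical, constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: route name => path plus a hypothetical
// "required_role" option (null means any authenticated user may see it).
const ROUTES = [
    'dashboard'    => ['path' => '/dashboard',        'required_role' => null],
    'invoice_list' => ['path' => '/invoices',         'required_role' => 'ROLE_ACCOUNTING'],
    'user_admin'   => ['path' => '/admin/users/{id}', 'required_role' => 'ROLE_ADMIN'],
];

// Constructed role hierarchy: a role implies every role listed under it.
const HIERARCHY = [
    'ROLE_ADMIN'      => ['ROLE_ACCOUNTING'],
    'ROLE_ACCOUNTING' => ['ROLE_USER'],
];

/** Expand the user's roles through the hierarchy (transitive closure). */
function reachableRoles(array $roles, array $hierarchy): array
{
    $seen = [];
    $queue = $roles;
    while ($queue !== []) {
        $role = array_pop($queue);
        if (isset($seen[$role])) {
            continue; // already expanded, also guards against cycles
        }
        $seen[$role] = true;
        foreach ($hierarchy[$role] ?? [] as $implied) {
            $queue[] = $implied;
        }
    }
    return array_keys($seen);
}

/** Keep only the routes whose required role the user holds. */
function routesForUser(array $routes, array $userRoles, array $hierarchy): array
{
    $granted = reachableRoles($userRoles, $hierarchy);
    $visible = [];
    foreach ($routes as $name => $route) {
        $need = $route['required_role'];
        if ($need === null || in_array($need, $granted, true)) {
            $visible[$name] = $route['path']; // emit only what the client router needs
        }
    }
    return $visible;
}

// Print the route map an accounting user would receive.
echo json_encode(routesForUser(ROUTES, ['ROLE_ACCOUNTING'], HIERARCHY), JSON_PRETTY_PRINT), PHP_EOL;
```

Filtering the map only limits what is disclosed; every controller still has to enforce its own authorization check. A response that varies per user must also not be served from a shared cache.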