Following this tutorial i'm developing a web application using symfony authentication/authorization architecture.
After designing the whole structure (routes, pages and security levels) i'm stuck: how can i develop my pages without enter credentials all the time? Is there any way to disable or turn off the entire firewall functionality? Should i use data fixtures?
In your app/config/security.yml file, under the firewalls config option add or modify the dev...
firewalls:
    dev:
        pattern:  ^/
        security: false
The security.firewalls.dev: configuration is used in every Symfony environment (dev,test,prod)!
In Symfony 4, to achieve disabling firewalls for all routes in just dev environment, you could do something like this:
Setup:
config/packages/security.yaml:
parameters:
    # Adds a fallback SECURITY_DEV_PATTERN if the env var is not set.
    env(SECURITY_DEV_PATTERN): '^/(_(profiler|wdt)|css|images|js)/'
security:
    firewalls:
        dev:
            pattern: '%env(SECURITY_DEV_PATTERN)%'
            security: false
Override per Symfony environment:
create a new file config/packages/dev/parameters.yaml:
parameters:
    env(SECURITY_DEV_PATTERN): '^/'
Now all routes are reachable without firewall in Symfony dev environ
Override using environment variables:
You could also override SECURITY_DEV_PATTERN in the .env file:
SECURITY_DEV_PATTERN=^/
This only works if you don't include the .env in your production environment, or if you specifically override the SECURITY_DEV_PATTERN environment variable there as well.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With