0

I have a Symfony 6.4 (with Api Platform v3.4.5) project. I have a controller that accepts a JSON. The controller picks up the arguments passed via the JSON and calls a Symfony Command with these arguments. The Symfony Command in-turn calls an external API with these arguments obtains a JSON response, parses it and returns it back to the controller.

I tested the Command and obtained the correct results. However when I use CURL and call the controller I get a blank response. I see the following entries in the log

[2025年05月10日T20:23:04.219748+05:30] security.DEBUG: Checking for authenticator support. {"firewall_name":"main","authenticators":1} []
[2025年05月10日T20:23:04.219814+05:30] security.DEBUG: Checking support on authenticator. {"firewall_name":"main","authenticator":"Symfony\\Component\\Security\\Http\\Authenticator\\FormLoginAuthenticator"} []
[2025年05月10日T20:23:04.219849+05:30] security.DEBUG: Authenticator does not support the request. {"firewall_name":"main","authenticator":"Symfony\\Component\\Security\\Http\\Authenticator\\FormLoginAuthenticator"} []

In my security.yaml file I have the following entries

security:
 password_hashers:
 Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
 providers:
 # used to reload user from session & other features (e.g. switch_user)
 app_user_provider:
 entity:
 class: App\Entity\User
 property: username
 firewalls:
 dev:
 pattern: ^/(_(profiler|wdt)|css|images|js)/
 security: false
 main:
 lazy: true
 provider: app_user_provider
 form_login:
 login_path: app_login
 check_path: app_login
 enable_csrf: true
 logout:
 path: app_logout
 # where to redirect after logout
 # target: app_any_route
 # activate different ways to authenticate
 # https://symfony.com/doc/current/security.html#the-firewall
 # https://symfony.com/doc/current/security/impersonating_user.html
 # switch_user: true
 # configure the maximum login attempts
 login_throttling:
 max_attempts: 3 # per minute ...
 # interval: '15 minutes' # ... or in a custom period
 #access_token:
 #token_handler: App\Security\AccessTokenHandler
 # Easy way to control access for large sections of your site
 # Note: Only the *first* access control that matches will be used
 access_control:
 # - { path: ^/admin, roles: ROLE_ADMIN }
 # - { path: ^/profile, roles: ROLE_USER }

I am in the DEV environment. My security.yaml indicates that the security is disabled for DEV. Is there any additional configuration needed before my controllers can be accessed over HTTP.

asked May 10, 2025 at 15:31
1
  • I replaced the regex in the pattern line as follows : pattern: ^/( The route pattern's have to be included to disbale the firewall security in the dev environment Commented May 11, 2025 at 6:21

0

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.