问题
I have simple login page and security set up like this:
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
use_referer: true
always_use_default_target_path: true
default_target_path: /
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_ADMIN }
And in my base.html.twig file I have
{% stylesheets '@BrStgCcBundle/Resources/public/css/bootstrap.css' %}
<link rel="stylesheet" href="{{ asset_url }}" />
{% endstylesheets %}
And including those file works only if I'm authorized in app. So after login the system finds this asset, but before not it does not, and when I follow generated link by assetic I'm redirected to login page.
In view the link looks like this:
<link rel="stylesheet" href="/app_dev.php/css/026adfc_bootstrap_1.css" />
This file existin on drive, and when called when logged shows proper CSS when not logged it redirects me to login page.
回答1:
This is normal. You are saying that everything under the root dir (pattern: ^/) is behind the main firewall and that to access these files you need to be an admin (path: ^/, role: ROLE_ADMIN). So you need to set another rule and say that the css directory can be accessed anonymously:
- { path: ^/css, role: IS_AUTHENTICATED_ANONYMOUSLY }
回答2:
Also I've found that this helps if added to security.yml:
firewalls:
dev:
pattern: ^/(_profiler|_wdt|css|js|assets)
security: false
来源:https://stackoverflow.com/questions/12148272/assetic-files-in-symfony-are-behind-the-firewall