Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-28306

Symfony 2.8.31 breaks login to PlatformUI over https

    XMLWordPrintable

    Details

      Description

      Upgrading to Symfony 2.8.31 (security version) breaks the login to the admin ui over https. Login over http is still possible.

      Maybe this issue "[Security] Validate redirect targets using the session cookie domain" (https://github.com/symfony/symfony/pull/24995) is the reason why.

      Downgrade to symfony 2.8.30 will temporary solve the problem.

      ------------
      Added by Support Team

      When trying to log in to the Platform UI, POST request to https://your-site.dev/api/ezp/v2/user/sessions/xxx/refresh results in 404 error.

      Steps to reproduce

      1. Create new eZ Platform install and access it via https.
      2. Go to /ez.
      3. Try to log in using the default login and password. After clicking the "Login" button, the form will be cleared and you won't be logged in. The browser console will have the following error:
        POST https://your-site.dev/api/ezp/v2/user/sessions/xxx/refresh 404 (Not Found)
        

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            mediata Björn Köster
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: