Symfony2 profiler (toolbar) is disabled behind an HTTPS firewall

StackOverflow https://stackoverflow.com/questions/19770679

Question

I have a problem with the Symfony2 toolbar which is hidden when I add requires_channel: https in order to force HTTPS in some protected area of the website. If I remove requires_channel: https, the Symfony2 toolbar is displayed and I can click on it to see some details about the request (the normal behaviour). If I add requires_channel: https, no toolbar is displayed although the code is present at the end of the pages:

<div id="sfwdt4b56c8" class="sf-toolbar" style="display: none"></div><script>/*<![CDATA[*/    Sfjs = (function() {        "use strict"; [...]

Am I missing something to enable Symfony2 toolbar behind a HTTPS firewall? I used this tutorial to setup the SSL in Apache2, in my development environment on my local computer.

See configuration files below.

Routing

php app/console router:debug

[router] Current routes
Name                                         Method Scheme Host Path
[...]
_wdt                                         ANY    ANY    ANY  /_wdt/{token}
_profiler_home                               ANY    ANY    ANY  /_profiler/
_profiler_search                             ANY    ANY    ANY  /_profiler/search
_profiler_search_bar                         ANY    ANY    ANY  /_profiler/search_bar
_profiler_purge                              ANY    ANY    ANY  /_profiler/purge
_profiler_info                               ANY    ANY    ANY  /_profiler/info/{about}
_profiler_import                             ANY    ANY    ANY  /_profiler/import
_profiler_export                             ANY    ANY    ANY  /_profiler/export/{token}.txt
_profiler_phpinfo                            ANY    ANY    ANY  /_profiler/phpinfo
_profiler_search_results                     ANY    ANY    ANY  /_profiler/{token}/search/results
_profiler                                    ANY    ANY    ANY  /_profiler/{token}
_profiler_router                             ANY    ANY    ANY  /_profiler/{token}/router
_profiler_exception                          ANY    ANY    ANY  /_profiler/{token}/exception
_profiler_exception_css                      ANY    ANY    ANY  /_profiler/{token}/exception.css
[...]

app/config/security.yml:

security:
    [...]
    access_control:
        #~ no authentification:
        - { path: ^/(en|fr)/news, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: http }
        [...]
        #~ Logged in
        - { path: ^/(en|fr)/dashboard, roles: ROLE_USER, requires_channel: https }
        [...]

app/config/config_dev.yml:

web_profiler:
    toolbar: true
    intercept_redirects: false
Was it helpful?

Solution

I resolved this problem by disabling HTTPS in dev environment, the idea came from an unrelated answer by Gottlieb Notschnabel.

An %auth_required_channel% value is defined in the different environments configuration files:

app/config/config_dev.yml

parameters:
    auth_required_channel: 'http'

app/config/config_test.yml

parameters:
    auth_required_channel: 'http'

app/config/config_prod.yml

parameters:
    auth_required_channel: 'https'

app/config/security.yml

This parameter is defined to require the HTTP or HTTPS channel:

security:
    [...]
    access_control:
        [...]
        - { path: ^/(en|fr)/admin, roles: ROLE_ADMIN, requires_channel: %auth_required_channel% }
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top