Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-28306

Symfony 2.8.31 breaks login to PlatformUI over https

    XMLWordPrintable

Details

    Description

      Upgrading to Symfony 2.8.31 (security version) breaks the login to the admin ui over https. Login over http is still possible.

      Maybe this issue "[Security] Validate redirect targets using the session cookie domain" (https://github.com/symfony/symfony/pull/24995) is the reason why.

      Downgrade to symfony 2.8.30 will temporary solve the problem.

      ------------
      Added by Support Team

      When trying to log in to the Platform UI, POST request to https://your-site.dev/api/ezp/v2/user/sessions/xxx/refresh results in 404 error.

      Steps to reproduce

      1. Create new eZ Platform install and access it via https.
      2. Go to /ez.
      3. Try to log in using the default login and password. After clicking the "Login" button, the form will be cleared and you won't be logged in. The browser console will have the following error: 
        POST https://your-site.dev/api/ezp/v2/user/sessions/xxx/refresh 404 (Not Found)

      Attachments

        Activity

          People

            Unassigned Unassigned
            d75588ee-5685-4117-be3b-e5746af05636@accounts.ibexa.co Björn Köster
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: