I'm working on configuring a new symfony install for security, but my login form won't behave. Whenever i'm redirected to the login page, symfony redirects to https and adds :80 to the domain.
Here's my security.yml
# app/config/security.yml
security:
firewalls:
login:
pattern: ^/login
anonymous: true
main:
pattern: ^/
anonymous: false
form_login:
login_path: /login
check_path: /login_check
logout:
path: /logout
target: /home
access_control:
- { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: http }
- { path: ^/secure, roles: IS_AUTHENTICATED_FULLY }
- { path: ^/secure/max, roles: ROLE_ADMIN }
providers:
in_memory:
memory:
users:
ryan: { password: ryanpass, roles: 'ROLE_USER' }
admin: { password: kitten, roles: 'ROLE_ADMIN' }
encoders:
Symfony\Component\Security\Core\User\User: plaintext
The Routing file for my login path controller:
login:
pattern: /login
defaults: { _controller: RGCoreBundle:Default:login }
login_check:
pattern: /login_check
When I visit the home page, i'm redirected to:
https://myserver.com:80/login
...which obviously doesnt work because I dont have SSL configured...
I've tried changing the login route's path and it will update to point at the new path, so it's definately reading the config file...
Where else should I look? This is a fresh install and I wiped out the ACME bundle already.
Update:
I'm diving my way through the Kernel with the debugger and print statements.
So far i can determine it's doing this because, when authentication fails (as it should), a redirect response is generated for "login_path". The call to generateUri calls the original Request objects 'geturi" function.
Tracing this, the cause so far is that the Request object's ServerBag has HTTPS => on.
I haven't figured out where that get's set though.