Custom User Provider Factories for the Symfony Security Bundle

Symfony has some great documentation on adding custom security authentication providers, but there is a similarly mature system for user providers. While there is support for custom user providers already which are defined as services within an application, I was looking for a way to provide something similar to the way memory user providers work:…

Handling Authentication Tokens in Single Page Apps

There are broad scenarios in which a single page app (SPA) needs to handle authentication:
- The SPA is using an API custom built for the app itself -- the API being used is not public in any other way
- The SPA is using an API built for public consumption -- one with a full fledged…

Working with Multiple Content-Security-Policy Headers

Working with Multiple CSP Headers

Today I've been fighting with Content Security Policy (CSP). Servers may send multiple CSP headers, but there is a catch:

Adding additional policies can only further restrict the capabilities of the protected resource

I had wrongly assumed that I could pretty up my nginx configuration by splitting up the various *-src directives into separate add_header…