How to prevent the browser back button in Symfony 2.8?

Time: 2017-10-31 09:03:31

Tags: php security symfony-2.8

Using the security.yml file, I created a restricted area as far as I could. How can I block the browser's back button?

This is the content of my security.yml file:


# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:

    # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded

    encoders:
        AppBundle\Entity\User: bcrypt
        Symfony\Component\Security\Core\User\User: bcrypt

    providers:
        my_provider:
           entity:
              class: AppBundle:User
              property: username

        in_memory:
            memory:
                users:
                    admin: { password: $2y$13$voW4Dn5zM/uCMVcDM16KKeupoIMg2uf6t34SIhlZ6F7aIxEUKovk. }
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs


        secured_area:
            anonymous: ~
            http_basic: ~
            pattern:    ^/
            form_login:
                login_path: /login
                check_path: /login
                username_parameter: _username
                password_parameter: _password
                always_use_default_target_path: true
                default_target_path: /home
                failure_path: /login
                remember_me: false
            logout:
                path: /logout
                target: /login
                invalidate_session: true
            access_denied_handler: app.security.access_denied_handler

        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            anonymous: ~
            # activate different ways to authenticate

            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            #http_basic: ~

            # https://symfony.com/doc/current/security/form_login_setup.html
            #form_login: ~

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/$, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/home, roles: [ROLE_ADMIN, ROLE_TEACHER] }
        - { path: ^/prodotti, roles: ROLE_ADMIN }

This is my controller file:


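use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\Session;

class SecurityController extends Controller {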


      public function homeAction(Request $request) {

       if($this->get('security.context')->isGranted('ROLE_TEACHER')) {


       }else {

            return $this->redirect('http://symfony3.loc/login');  

       }

       die();
       return $this->render('AppBundle:Default:home.html.twig');

      }

      public function loginAction() {

            $authenticationUtils = $this->get('security.authentication_utils');
            $error = $authenticationUtils->getLastAuthenticationError();
            $lastUsername = $authenticationUtils->getLastUsername();          


            return $this->render('AppBundle:Default:alogin.html.twig', array('last_username' => $lastUsername, 'error' => $error));
      }

      public function login_checkAction() {

      }

      public function logoutAction(Request $request) {

           $session = new Session();
           $session->clear();

           return $this->redirect('http://symfony3.loc/login');

      }

}

This is the routing file:


home_page:
   path: /home
   defaults: { _controller: AppBundle:Security:home }

login:
   path: /login
   defaults: { _controller: AppBundle:Security:login }

logout:
   path: /logout
   defaults: { _controller: AppBundle:Security:logout }


login_check:
    path: /login_check

1 answer:

Answer 0 (score: -2)

You can write JavaScript code in Twig to prevent the browser's back button from being clicked

   <script type="text/javascript">
         history.pushState(null, null, document.URL);
         window.addEventListener('popstate', function () {
         history.pushState(null, null, document.URL);
         });
   </script>
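
A server-side alternative to the history script above, added here as an example that is not part of the original question or answer: a `kernel.response` listener that marks every response sent to a logged-in user as `Cache-Control: no-store`. This asks the browser not to keep a copy, so going back after logout re-requests the page and the firewall redirects to `/login`. The class name, file path and service id are assumptions.

```php
<?php
// Hypothetical file: src/AppBundle/EventListener/NoStoreListener.php
// Register it as a service (assumed id), e.g. in services.yml:
//   app.no_store_listener:
//       class: AppBundle\EventListener\NoStoreListener
//       arguments: ['@security.token_storage', '@security.authorization_checker']
//       tags:
//           - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse }

namespace AppBundle\EventListener;

use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

class NoStoreListener
{
    private $tokenStorage;
    private $authorizationChecker;

    public function __construct(TokenStorageInterface $tokenStorage, AuthorizationCheckerInterface $authorizationChecker)
    {
        $this->tokenStorage = $tokenStorage;
        $this->authorizationChecker = $authorizationChecker;
    }

    public function onKernelResponse(FilterResponseEvent $event)
    {
        // Sub-requests (rendered fragments) do not produce the final response.
        if (!$event->isMasterRequest()) {
            return;
        }
        // No token: the request matched a firewall with "security: false"
        // (assets, profiler). isGranted() would throw here, so stop early.
        if (null === $this->tokenStorage->getToken()) {
            return;
        }
        // Anonymous visitors (e.g. on the login page) keep default caching.
        if (!$this->authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
            return;
        }
        // Pages rendered for a logged-in user must not be stored by the
        // browser or by intermediaries.
        $event->getResponse()->headers->set(
            'Cache-Control',
            'no-store, no-cache, must-revalidate, private'
        );
    }
}
```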