Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[SecurityBundle] Use Firewall as default tab in the WebProfiler when no token is set #61899

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 8.0
Choose a base branch
Loading
from
Open

[SecurityBundle] Use Firewall as default tab in the WebProfiler when no token is set #61899

wants to merge 1 commit into from

Conversation

PierreCapel
Copy link
Contributor

@PierreCapel PierreCapel commented Sep 30, 2025
edited
Loading

Q A
Branch? 8.0
Bug fix? no
New feature? yes
Deprecations? no
License MIT

It feels weird that the "Security" item of the profiler sidebar is shown as disabled and placed in the "not active" components sections even though the request goes through several Security listeners:
image

With this change we disable it only when security is not enabled on the main firewall and we use the Firewall tab as the Security default tab when the token is not set to maintain consistency as pointed out by @MatTheCat :
image

@carsonbot carsonbot added this to the 6.4 milestone Sep 30, 2025
@MatTheCat
Copy link
Contributor

MatTheCat commented Sep 30, 2025
edited
Loading

But the security panel default tab is “Token” so it makes sense greying the menu link if there is none. Else that means you click an “active” link and end up on an empty state:

image

I think this PR would be better by making the “Firewall” tab the default one, but that is yet another change (and not a bugfix).

@PierreCapel PierreCapel changed the base branch from 6.4 to 8.0 October 1, 2025 12:51
@PierreCapel PierreCapel force-pushed the enable-security-in-profiler-sidebar branch from 7e93bae to 07df134 Compare October 1, 2025 12:51
@PierreCapel PierreCapel changed the title [SecurityBundle] Enable item in the profiler sidebar menu when a firewall is active [SecurityBundle] Use Firewall as default tab in the WebProfiler Oct 1, 2025
@stof
Copy link
Member

stof commented Oct 1, 2025

I thin the token tab is more useful as default tab when it is enabled, as the firewall tab describes the config of the project, not per-request information.

@PierreCapel PierreCapel force-pushed the enable-security-in-profiler-sidebar branch from 07df134 to ef92eb5 Compare October 1, 2025 13:39
@PierreCapel PierreCapel force-pushed the enable-security-in-profiler-sidebar branch from ef92eb5 to ed0915a Compare October 1, 2025 13:40
@PierreCapel PierreCapel changed the title [SecurityBundle] Use Firewall as default tab in the WebProfiler [SecurityBundle] Use Firewall as default tab in the WebProfiler when no token is set Oct 1, 2025
@chalasr chalasr modified the milestones: 6.4, 7.4 Oct 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

Assignees

No one assigned

Labels

Bug SecurityBundle Status: Needs Review

Projects

None yet

Milestone

7.4

Development

Successfully merging this pull request may close these issues.

5 participants

@PierreCapel @MatTheCat @stof @chalasr @carsonbot
Morty Proxy This is a proxified and sanitized view of the page, visit original site.