added a caution about how to configure security for php-cgi/Apache

4f3375f8 · Fabien Potencier · 2dcb2b1e · 4f3375f8 · 4f3375f8
Commit 4f3375f8 authored Jul 01, 2014 by Fabien Potencier
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 1 deletion

doc/phar.rst doc/phar.rst +1 -1

doc/providers/security.rst doc/providers/security.rst +13 -0

No files found.
--- a/doc/phar.rst
+++ b/doc/phar.rst
@@ -16,7 +16,7 @@ the disk. Then, require it in your script::

    <?php

-    require_once __DIR__.'/silex.phar';
+    require_once 'phar://'.__DIR__.'/silex.phar';

    $app = new Silex\Application();


--- a/doc/providers/security.rst
+++ b/doc/providers/security.rst
@@ -158,6 +158,19 @@ When the user is authenticated, the user stored in the token is an instance of
 `User
 <http://api.symfony.com/master/Symfony/Component/Security/Core/User/User.html>`_

+.. caution::
+
+    If you are using php-cgi under Apache, you need to add this configuration
+    to make things work correctly:
+
+    .. code-block:: apache
+
+        RewriteEngine On
+        RewriteCond %{HTTP:Authorization} ^(.+)$
+        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteRule ^(.*)$ app.php [QSA,L]
+
 Securing a Path with a Form
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~