Skip to content

warn of Symfony\Component\Security\Core\Authorization\Voter\Voter use with subjects #20732

New issue
New issue
Closed
Closed
warn of Symfony\Component\Security\Core\Authorization\Voter\Voter use with subjects#20732
Labels
SecurityWaiting feedback
@landure

Description

@landure
landure
opened on Mar 7, 2025

Symfony\Component\Security\Core\Authorization\Voter\Voter is a CacheableVoterInterface.

The results are cached by subject class, not by subject value, or ORM\Id.

When the Voter must depend on the subject value (or state), the Voter result should not be cached.

Please add a warning like this one:

The AccessDecisionManager cache voters' results by subject class, not by subject value. If the Voter result depends on the subject value, don't extend Symfony\Component\Security\Core\Authorization\Voter\Voter, implement VoterInterface directly.

Metadata

Metadata

Assignees

No one assigned

    Labels

    SecurityWaiting feedback

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions