-2

In a Symfony 5.x project I use knplabs/knp-snappy-bundle.

Having private data-folders for different users results in generating PDF-documents that require images from folders which are not publicly accessable.

When trying to generate a PDF-document with an image in such a folder knpsnappy runs into a 60 sec timeout. The Symfony log says

Guard authenticator does not support the request.

I assume something regarding the "external" tool knpsnappy calling from outside the application but from the same server but does not triggering any security definition I defined. I am unsure on how to allow knpsnappy to access a specific route. Maybe someone can lead me into the right direction...?

Stephan Vierkant
  • 9,674
  • 8
  • 61
  • 97
user3440145
  • 793
  • 10
  • 34
  • This can be solved by adding a public route that returns the images. You could use uuids to make it near impossible for attackers to guess the image urls. If that's not save enough you could add a restriction for the route to be only accessable if the ip is your servers. – Vyctorya Apr 30 '20 at 15:13
  • @Vyctorya Thanks. That sounds great. Could you give me a hint on how to define a security rule that makes a route completely pulbic? Not having a security rule for a route at all gives me the same message as defining a rule that gives access to IS_AUTHENTICATED_ANONYMOUSLY -> that would be "Guard authenticator does not support the request." as mentioned in my post. Any hints there? – user3440145 Apr 30 '20 at 17:29
  • @Vyctorya Maybe I can clarify that: Adding "{ path: ^/[my_path], ip: [my_server_ip] }" having ip set to the one the reqzest comes from doesn't help. It seems not to handle the request. Do I have to define a GuardAuthenticator myself to be able to catch this request and have it acceppted? I don't see why this should be required as the mentioned access rule should catch it. Shouldn't it? – user3440145 May 02 '20 at 09:26
  • You shouldn't need a custom authenticator. The order of the routes is important too. Maybe there is a more general route before? Also it should be 'ips' instead of 'ip' https://symfony.com/doc/current/security/access_control.html#matching-access-control-by-ip – Vyctorya May 04 '20 at 09:07
  • Just googled the error and found this https://github.com/symfony/symfony/issues/24252 Maybe you need to return null in getCredentials if it's the image url. – Vyctorya May 04 '20 at 09:12

1 Answers1

0

I was misslead. The cause of the problem wasn't access rights but the way the img-pathes were defined. knp snappy wont be able to render images with URL-routes. I switched the pathes to be absolut server pathes and now it works. Found the solution here: KnpSnappyBundle and Symfony 3.4 : images and/or css cause timeout

user3440145
  • 793
  • 10
  • 34