Avoid redirection to XHR URIs

author: Alessandro Siragusa <alessandro.siragusa@gmail.com> 2015-05-09 01:05:57 +0200
committer: Fabien Potencier <fabien.potencier@gmail.com> 2015-05-20 10:40:29 +0200
commit: a9a1d5007c7157828e2f833964e7c54fd0b779a6 (patch)
tree: 42697b75e2ed0029c008237a1f94881b4d772cb4 /Http
parent: c7a417a9e3a9712ddd2f8650193232fcf370e3c8 (diff)
download: symfony-security-a9a1d5007c7157828e2f833964e7c54fd0b779a6.zip
symfony-security-a9a1d5007c7157828e2f833964e7c54fd0b779a6.tar.gz
symfony-security-a9a1d5007c7157828e2f833964e7c54fd0b779a6.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index fac5dc1..57321fb 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -194,7 +194,7 @@ class ExceptionListener
     protected function setTargetPath(Request $request)
     {
         // session isn't required when using HTTP basic authentication mechanism for example
-        if ($request->hasSession() && $request->isMethodSafe()) {
+        if ($request->hasSession() && $request->isMethodSafe() && !$request->isXmlHttpRequest()) {
             $request->getSession()->set('_security.'.$this->providerKey.'.target_path', $request->getUri());
         }
     }
author	Alessandro Siragusa <alessandro.siragusa@gmail.com>	2015-05-09 01:05:57 +0200
committer	Fabien Potencier <fabien.potencier@gmail.com>	2015-05-20 10:40:29 +0200
commit	a9a1d5007c7157828e2f833964e7c54fd0b779a6 (patch)
tree	42697b75e2ed0029c008237a1f94881b4d772cb4 /Http
parent	c7a417a9e3a9712ddd2f8650193232fcf370e3c8 (diff)
download	symfony-security-a9a1d5007c7157828e2f833964e7c54fd0b779a6.zip symfony-security-a9a1d5007c7157828e2f833964e7c54fd0b779a6.tar.gz symfony-security-a9a1d5007c7157828e2f833964e7c54fd0b779a6.tar.bz2