Description
Symfony version(s) affected: 4.4
Description
https://symfony.com/doc/current/configuration/env_var_processors.html says that there are json and csv processors which can be used for environment variables like %env(csv:TRUSTED_HOSTS)% with env(TRUSTED_HOSTS): "10.0.0.1, 10.0.0.2"
However using this for IP-protection in security.yml like https://symfony.com/doc/current/security/access_control.html#matching-access-control-by-ip fails with Invalid type for path "security.access_control.2.ips.0". Expected one of "bool", "int", "float", "string", but got "array".
How to reproduce
- config/packages/security.yaml
security:
# ...
access_control:
- { path: '^/internal', roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: '%env(csv:TRUSTED_HOSTS)%' }
- { path: '^/internal', roles: ROLE_NO_ACCESS }
- .env.local.php
return array (
...
'TRUSTED_HOSTS' => '10.0.0.1, 10.0.0.2',
...
);
Execute bin/console cache:clear
The same is happening when using json-processor with %env(csv:TRUSTED_HOSTS)% and 'TRUSTED_HOSTS' => '["10.0.0.1", "10.0.0.2"]',
Additional context
Failure message:
In BaseNode.php line 543:
Invalid type for path "security.access_control.2.ips.0". Expected one of "bool", "int", "float", "string", but got "array".