diff --git a/security/access_control.rst b/security/access_control.rst
index 3d854352dba..fef4b42a728 100644
--- a/security/access_control.rst
+++ b/security/access_control.rst
@@ -282,7 +282,7 @@ key:
.. code-block:: xml
-
+
+
@@ -298,12 +299,16 @@ key:
.. code-block:: php
- 'access_control' => [
- [
- 'path' => '^/_internal/secure',
- 'allow_if' => '"127.0.0.1" == request.getClientIp() or is_granted("ROLE_ADMIN")',
+ // config/packages/security.php
+ $container->loadFromExtension('security', [
+ // ...
+ 'access_control' => [
+ [
+ 'path' => '^/_internal/secure',
+ 'allow_if' => '"127.0.0.1" == request.getClientIp() or is_granted("ROLE_ADMIN")',
+ ],
],
- ],
+ ]);
In this case, when the user tries to access any URL starting with ``/_internal/secure``,
they will only be granted access if the IP address is ``127.0.0.1`` or if
@@ -349,16 +354,20 @@ access those URLs via a specific port. This could be useful for example for
xsi:schemaLocation="http://symfony.com/schema/dic/services
https://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
+
+
+
.. code-block:: php
// config/packages/security.php
$container->loadFromExtension('security', [
+ // ...
'access_control' => [
[
'path' => '^/cart/checkout',
@@ -396,16 +405,20 @@ the user will be redirected to ``https``:
xsi:schemaLocation="http://symfony.com/schema/dic/services
https://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
+
+
+
.. code-block:: php
// config/packages/security.php
$container->loadFromExtension('security', [
+ // ...
'access_control' => [
[
'path' => '^/cart/checkout',
diff --git a/security/form_login_setup.rst b/security/form_login_setup.rst
index 31b297dc1cc..388942b963e 100644
--- a/security/form_login_setup.rst
+++ b/security/form_login_setup.rst
@@ -254,7 +254,7 @@ a traditional HTML form that submits to ``/login``:
.. code-block:: php
- // app/config/security.php
+ // config/packages/security.php
use App\Security\LoginFormAuthenticator;
$container->loadFromExtension('security', [