symfony · jvasseur · May 11, 2022 · Spomky · Mar 8, 2025
@@ -8,6 +8,7 @@ CHANGELOG
  * Deprecate the `Symfony\Component\Security\Core\Security` service alias, use `Symfony\Bundle\SecurityBundle\Security\Security` instead
  * Add `Security::getFirewallConfig()` to help to get the firewall configuration associated to the Request
  * Add `Security::login()` to login programmatically
+ * Allow disabling the redirection on successful logout by passing `null` to the `target` option
 
 6.1
 ---

@@ -413,10 +413,12 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
                 'logout_path' => $firewall['logout']['path'],
             ]);
 
-            $logoutSuccessListenerId = 'security.logout.listener.default.'.$id;
-            $container->setDefinition($logoutSuccessListenerId, new ChildDefinition('security.logout.listener.default'))
-                ->replaceArgument(1, $firewall['logout']['target'])
-                ->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
+            if (null !== $firewall['logout']['target']) {
+                $logoutSuccessListenerId = 'security.logout.listener.default.'.$id;
+                $container->setDefinition($logoutSuccessListenerId, new ChildDefinition('security.logout.listener.default'))
+                    ->replaceArgument(1, $firewall['logout']['target'])
+                    ->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
+            }
 
             // add CSRF provider
             if (isset($firewall['logout']['csrf_token_generator'])) {

@@ -780,6 +780,25 @@ public function testConfigureCustomFirewallListener()
         $this->assertContains('custom_firewall_listener_id', $firewallListeners);
     }
 
+    public function testDisableLogoutTarget()
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', [
+            'firewalls' => [
+                'main' => [
+                    'logout' => [
+                        'target' => null,
+                    ],
+                ],
+            ],
+        ]);
+
+        $container->compile();
+
+        $this->assertFalse($container->hasDefinition('security.logout.listener.default.main'));
+    }
+
     protected function getRawContainer()
     {
         $container = new ContainerBuilder();

@@ -87,13 +87,12 @@ public function authenticate(RequestEvent $event)
         $this->eventDispatcher->dispatch($logoutEvent);
 
         $response = $logoutEvent->getResponse();
-        if (!$response instanceof Response) {
-            throw new \RuntimeException('No logout listener set the Response, make sure at least the DefaultLogoutListener is registered.');
-        }
 
         $this->tokenStorage->setToken(null);
 
-        $event->setResponse($response);
+        if ($response) {
+            $event->setResponse($response);
+        }
     }
 
     /**

@@ -122,8 +122,6 @@ public function testHandleMatchedPathWithoutCsrfValidation()
 
     public function testNoResponseSet()
     {
-        $this->expectException(\RuntimeException::class);
-
         [$listener, , $httpUtils, $options] = $this->getListener();
 
         $request = new Request();
@@ -133,7 +131,11 @@ public function testNoResponseSet()
             ->with($request, $options['logout_path'])
             ->willReturn(true);
 
-        $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
+        $event = new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);
+
+        $listener($event);
+
+        $this->assertNull($event->getResponse());
     }
 
     /**