The "Symfony Secure Edition" distribution
Welcome to the Symfony Secure Edition - a fully-functional Symfony2 application that you can use as the skeleton for your new responsive applications.
It's a fork from Symfony Standard Edition.
We did some simple clean up, and add new function to help make a more secure and responsive application.
This document contains information on how to download, install, and start using Symfony. For a more detailed explanation, see the Installation chapter of the Symfony Documentation.
When it comes to installing the Symfony Secure Edition, you have the following options.
As Symfony uses Composer to manage its dependencies, the recommended way to create a new project is to use it.
If you don't have Composer yet, download it following the instructions on http://getcomposer.org/ or just run the following command:
curl -s http://getcomposer.org/installer | php
Then, use the
create-project command to generate a new Symfony application:
php composer.phar create-project phil/symfony-secure-edition path/to/install
Composer will install Symfony and all its dependencies under the
Before starting coding, make sure that your local system is properly configured for Symfony.
check.php script from the command line:
The script returns a status code of
0 if all mandatory requirements are met,
config.php script from a browser:
If you get any warnings or recommendations, fix them before moving on.
This distribution is meant to be the starting point for your Symfony applications, but isn't meant for you to learn and play with.
A great way to start learning Symfony is via the Quick Tour, which will take you through all the basic features of Symfony2.
Once you're feeling good, you can move onto reading the official Symfony2 book.
There's ain't any default
The Symfony Secure Edition is configured with the following defaults:
Twig is the only configured template engine;
HTML 5 and CSS Reset;
Doctrine ORM/DBAL is configured;
Swiftmailer is configured;
Content Security Policy to self;
Signed Cookies (all) and Encrypted Cookies (prod);
External Redirects Detection;
Disable Content Type Sniffing;
Build.xml (for Phing) is configure to correct logs and cache rights;
Annotations for everything are enabled.
It comes pre-configured with the following bundles:
FrameworkBundle - The core Symfony framework bundle
SensioFrameworkExtraBundle - Adds several enhancements, including template and routing annotation capability
DoctrineBundle - Adds support for the Doctrine ORM
TwigBundle - Adds support for the Twig templating engine
SecurityBundle - Adds security by integrating Symfony's security component
SwiftmailerBundle - Adds support for Swiftmailer, a library for sending emails
MonologBundle - Adds support for Monolog, a logging library
AsseticBundle - Adds support for Assetic, an asset processing library
JMSDiExtraBundle - Allows to configure dependency injection using annotations
JMSSecurityExtraBundle - Enhances the Symfony2 Security Component by adding several new features.
NelmioCorsBundle - Adds Cross-Origin Resource Sharing (CORS) headers support
NelmioSecurityBundle - Provides additional security features for your Symfony2 application: Content Security Policy, Signed Cookies, Encrypted Cookies, Clickjacking Protection, External Redirects Detection, Forced HTTPS/SSL Handling, Flexible HTTPS/SSL Handling, Disable Content Type Sniffing
WebProfilerBundle (in dev/test env) - Adds profiling functionality and the web debug toolbar
SensioDistributionBundle (in dev/test env) - Adds functionality for configuring and working with Symfony distributions
SensioGeneratorBundle (in dev/test env) - Adds code generation capabilities
It come with vulnerabilities checkup:
Iniscan (in /bin) A scanner to evaluate php.ini security
Versionscan (in /bin) A tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues.
The Symfony Secure Edition remove the following bundles versus the Symfony Standard Edition
- AcmeDemoBundle (in dev/test env) - A demo bundle with some example code
The libraries and bundles included in the Symfony Secure Edition are released under the MIT or BSD or Apache2 license.