[Security] Simplifying the DEV firewall's pattern

security.rst

@@ -497,7 +497,7 @@
  # the order in which firewalls are defined is very important, as the
  # request will be handled by the first firewall whose pattern matches
  dev:
- pattern: ^/(_(profiler|wdt)|css|images|js)/
+ pattern: ^/_profiler|_wdt|assets|build/ # `assets` is for AssetMapper; `build` is for Webpack Encore
  security: false
  # a firewall with no pattern should be defined last because it will match all requests
  main:
@@ -509,7 +509,7 @@
  # https://symfony.com/doc/current/security.html#firewalls-authentication
 
  # https://symfony.com/doc/current/security/impersonating_user.html
  # switch_user: true
 
  .. code-block:: xml
 
@@ -529,8 +529,8 @@
  <!-- the order in which firewalls are defined is very important, as the
  request will be handled by the first firewall whose pattern matches -->
  <firewall name="dev"
- pattern="^/(_(profiler|wdt)|css|images|js)/"
- security="false"/>
+ pattern="^/_profiler|_wdt|assets|build/"
+ security="false"/> <!-- `assets` is for AssetMapper; `build` is for Webpack Encore -->
 
  <!-- a firewall with no pattern should be defined last because it will match all requests -->
  <firewall name="main"
@@ -555,7 +555,7 @@
  // the order in which firewalls are defined is very important, as the
  // request will be handled by the first firewall whose pattern matches
  $security->firewall('dev')
- ->pattern('^/(_(profiler|wdt)|css|images|js)/')
+ ->pattern('^/_profiler|_wdt|assets|build/') // `assets` is for AssetMapper; `build` is for Webpack Encore
  ->security(false)
  ;
 
@@ -598,9 +598,7 @@
  pattern:
  - ^/_profiler/
  - ^/_wdt/
- - ^/css/
- - ^/images/
- - ^/js/
+ - ^/assets/
  # ...
 
  .. code-block:: php
@@ -614,9 +612,7 @@
  ->pattern([
  '^/_profiler/',
  '^/_wdt/',
- '^/css/',
- '^/images/',
- '^/js/',
+ '^/assets/',
  ])
  ->security(false)
  ;