From 4a03b0e7c823ff186160a601d808437ace9d4e32 Mon Sep 17 00:00:00 2001
From: Santiago San Martin <sanmartindev@gmail.com>
Date: Wed, 20 Aug 2025 19:40:40 -0300
Subject: [PATCH] [Security] add `methods` argument to #[IsGranted] to restrict
 access by HTTP method

---
 security.rst | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/security.rst b/security.rst
index 8218b4ec355..9da7771aaa6 100644
--- a/security.rst
+++ b/security.rst
@@ -2523,6 +2523,29 @@ that is thrown with the ``exceptionCode`` argument::
         // ...
     }
 
+You can restrict access validation to specific HTTP methods
+by using the ``methods`` argument::
+
+    // src/Controller/AdminController.php
+    // ...
+
+    use Symfony\Component\Security\Http\Attribute\IsGranted;
+
+    #[IsGranted('ROLE_ADMIN', methods: 'POST')]
+    class AdminController extends AbstractController
+    {
+        // You can also specify an array of methods
+        #[IsGranted('ROLE_SUPER_ADMIN', methods: ['GET', 'PUT'])]
+        public function adminDashboard(): Response
+        {
+            // ...
+        }
+    }
+
+.. versionadded:: 7.4
+
+    The ``methods`` argument was introduced in Symfony 7.4.
+
 .. _security-template:
 
 Access Control in Templates