Description
As of 5.1, routes can be marked stateless, which is a great addition. It occurred to me that if a firewall is configured to be stateless, the Request could also automatically receive the stateless attribute if it matches the firewall config.
Example
Security config example:
```yaml
security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        api:
            host: ^api\.
            custom_authenticators:
                - App\Security\ApiTokenAuthenticator
            stateless: true
        main:
            form_login:
                provider: app_user_provider
                login_path: /login
                check_path: /user/login_check
```
In this case, requests to api.example.org should get the _stateless attribute automatically, so we get warned if any API usage has a session started.
Using stateless routes in this case is not strictly possible as we have routes usable on both api and regular domain, and they do make use of sessions for user authentication on the regular domain, but not on the API one.
I for now fixed this with a request listener setting the attribute myself, but it would be nice if the framework took care of it.
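
One way to write such a listener, as an added example (not the reporter's listener and not framework code): it asks the SecurityBundle firewall map whether the firewall matching the request is stateless and sets `_stateless` accordingly. The class name, namespace and priority 16 are assumptions; the `security.firewall.map` service may need to be injected explicitly if autowiring does not resolve it.

```php
<?php

namespace App\EventListener; // hypothetical namespace

use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class StatelessFirewallSubscriber implements EventSubscriberInterface
{
    private $firewallMap;

    // Wire with the "security.firewall.map" service.
    public function __construct(FirewallMap $firewallMap)
    {
        $this->firewallMap = $firewallMap;
    }

    public static function getSubscribedEvents(): array
    {
        // Assumed priority: below the router listener (32), so a route-level
        // "stateless" setting has already been copied into the attributes.
        return [KernelEvents::REQUEST => ['onKernelRequest', 16]];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        $request = $event->getRequest();

        // An explicit route-level decision (true or false) wins.
        if ($request->attributes->has('_stateless')) {
            return;
        }

        // Null when no firewall pattern/host matches this request.
        $config = $this->firewallMap->getFirewallConfig($request);

        if (null !== $config && $config->isStateless()) {
            // With the config above: api.example.org -> true,
            // the "main" firewall -> attribute left unset.
            $request->attributes->set('_stateless', true);
        }
    }
}
```

Because the decision comes from the matched firewall rather than the route, a route served on both the API host and the regular host is only flagged for session use on the API host.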