fix: exclude API routes from CSRF validation
POST endpoints on /v1/* were returning 419 CSRF mismatch because $event->routes() wraps routes in the web middleware group which includes ValidateCsrfToken. External clients (Blesta, curl) can't send CSRF tokens. withoutMiddleware() on /v1/* prefixes fixes this. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent
45ad7f3858
commit
6b2032c687
6 changed files with 24 additions and 6 deletions
|
|
@ -5,6 +5,7 @@ declare(strict_types=1);
|
|||
namespace Mod\Explorer;
|
||||
|
||||
use Core\Events\WebRoutesRegistering;
|
||||
use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
class Boot
|
||||
|
|
@ -18,7 +19,9 @@ class Boot
|
|||
$event->views('explorer', __DIR__ . '/Views');
|
||||
$event->routes(function () {
|
||||
Route::prefix('explorer')->group(__DIR__ . '/Routes/web.php');
|
||||
Route::prefix('v1/explorer')->group(__DIR__ . '/Routes/api.php');
|
||||
Route::prefix('v1/explorer')
|
||||
->withoutMiddleware(ValidateCsrfToken::class)
|
||||
->group(__DIR__ . '/Routes/api.php');
|
||||
});
|
||||
}
|
||||
}
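Review bot: Removing `ValidateCsrfToken` from the `v1/explorer` group does not make these routes stateless. Per the commit message they are still wrapped in the `web` group, so the session and cookie middleware presumably keep running, and any handler in `Routes/api.php` that accepts the session guard can now be driven by a cross-site POST from a logged-in browser. `Routes/api.php` is not part of this diff, so please confirm that every state-changing route there authenticates with a header credential only (bearer token or API key) and never falls back to the session cookie. I would record that contract at the call site, e.g. `// CSRF is disabled for /v1/*: routes in api.php must authenticate via a token header, never the session cookie.` The same concern applies to the identical changes in the Gateway, Names, Pool, Proxy and Trade Boot classes further down; the enclosing method starts above this hunk.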
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ namespace Mod\Gateway;
|
|||
|
||||
use Core\Events\FrameworkBooted;
|
||||
use Core\Events\WebRoutesRegistering;
|
||||
use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
use Mod\Gateway\Services\GatewayRegistry;
|
||||
|
||||
|
|
@ -18,7 +19,9 @@ class Boot
|
|||
|
||||
public function onWebRoutes(WebRoutesRegistering $event): void
|
||||
{
|
||||
$event->routes(fn () => Route::prefix('v1/gateway')->group(__DIR__ . '/Routes/api.php'));
|
||||
$event->routes(fn () => Route::prefix('v1/gateway')
|
||||
->withoutMiddleware(ValidateCsrfToken::class)
|
||||
->group(__DIR__ . '/Routes/api.php'));
|
||||
}
|
||||
|
||||
public function onFrameworkBooted(FrameworkBooted $event): void
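Review bot: `onWebRoutes` here registers only the `v1/gateway` API routes, yet they still go through `$event->routes()`, so the module subtracts one middleware from a browser-oriented stack instead of starting from a stateless one. The Proxy Boot class has the same shape. If the framework exposes an API-route registration path or lets the caller choose the middleware group, using it would be cleaner than repeating `->withoutMiddleware(ValidateCsrfToken::class)` in every module. Otherwise a short comment such as `// API-only module: runs in the web group minus CSRF; auth must be token-based.` would keep the intent visible. No test accompanies the fix; a feature test that a token-less POST to a `v1/gateway` route no longer returns 419, and that a POST carrying only a session cookie is rejected as unauthenticated, would pin both halves of the behaviour. `onFrameworkBooted` continues outside the hunk.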
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ namespace Mod\Names;
|
|||
|
||||
use Core\Events\ConsoleBooting;
|
||||
use Core\Events\WebRoutesRegistering;
|
||||
use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
use Mod\Names\Commands\RetryDnsTickets;
|
||||
|
||||
|
|
@ -21,7 +22,9 @@ class Boot
|
|||
$event->views('names', __DIR__ . '/Views');
|
||||
$event->routes(function () {
|
||||
Route::prefix('names')->group(__DIR__ . '/Routes/web.php');
|
||||
Route::prefix('v1/names')->group(__DIR__ . '/Routes/api.php');
|
||||
Route::prefix('v1/names')
|
||||
->withoutMiddleware(ValidateCsrfToken::class)
|
||||
->group(__DIR__ . '/Routes/api.php');
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ namespace Mod\Pool;
|
|||
|
||||
use Core\Events\FrameworkBooted;
|
||||
use Core\Events\WebRoutesRegistering;
|
||||
use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
use Mod\Pool\Services\PoolClient;
|
||||
|
||||
|
|
@ -20,7 +21,9 @@ class Boot
|
|||
{
|
||||
$event->routes(function () {
|
||||
Route::prefix('pool')->group(__DIR__ . '/Routes/web.php');
|
||||
Route::prefix('v1/pool')->group(__DIR__ . '/Routes/api.php');
|
||||
Route::prefix('v1/pool')
|
||||
->withoutMiddleware(ValidateCsrfToken::class)
|
||||
->group(__DIR__ . '/Routes/api.php');
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ declare(strict_types=1);
|
|||
namespace Mod\Proxy;
|
||||
|
||||
use Core\Events\WebRoutesRegistering;
|
||||
use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
class Boot
|
||||
|
|
@ -15,6 +16,8 @@ class Boot
|
|||
|
||||
public function onWebRoutes(WebRoutesRegistering $event): void
|
||||
{
|
||||
$event->routes(fn () => Route::prefix('v1/proxy')->group(__DIR__ . '/Routes/api.php'));
|
||||
$event->routes(fn () => Route::prefix('v1/proxy')
|
||||
->withoutMiddleware(ValidateCsrfToken::class)
|
||||
->group(__DIR__ . '/Routes/api.php'));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ declare(strict_types=1);
|
|||
namespace Mod\Trade;
|
||||
|
||||
use Core\Events\WebRoutesRegistering;
|
||||
use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
class Boot
|
||||
|
|
@ -17,7 +18,9 @@ class Boot
|
|||
{
|
||||
$event->routes(function () {
|
||||
Route::prefix('trade')->group(__DIR__ . '/Routes/web.php');
|
||||
Route::prefix('v1/trade')->group(__DIR__ . '/Routes/api.php');
|
||||
Route::prefix('v1/trade')
|
||||
->withoutMiddleware(ValidateCsrfToken::class)
|
||||
->group(__DIR__ . '/Routes/api.php');
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
|||