mysite.io/admin/default/jsonadm Option route aborted
Forum rules
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
- Posts: 1
- Joined: 15 Jul 2021, 11:18
mysite.io/admin/default/jsonadm Option route aborted
I have set up a new shop with Sanctum authentication by enabling the config shop.routes.jsonadm
This authentication works fine but the routes abort the request.
When I debug this route I found the url()->previous() function not working correctly. This function returns http://mysite.io/mysite.io
File: aimeos/aimeos-laravel/src/Aimeos/Shop/Controller/JsonadmController.php
Function: createAdmin()
Line No: 133
Laravel version: 8.49.2
Aimeos-Laravel: 2021.04.5
Following is the starting line of the function:
Code: Select all
protected function createAdmin() : \Aimeos\Admin\JsonAdm\Iface
{
    // allow requests only if they are from within the admin backend
    $cnt = count( explode( '/', request()->route()->getPrefix() ) ) - 1;
    $base = request()->root() . '/' . join( '/', array_slice( request()->segments(), 0, $cnt ) );
    // dd(url()->previous(), $base, strlen( $base ));
    if( strncmp( url()->previous(), $base, strlen( $base ) ) ) {
        // This abort is triggered due to the url()->previous() function
        abort( 403 );
    }
    // ... (rest of the function not shown in the post)
}
I am trying this call on Postman.
Can anyone please guide me where I am making a mistake?
Thanks
Re: mysite.io/admin/default/jsonadm Option route aborted
This check was introduced to avoid XSS vulnerabilities that affect the backend when browsing the frontend. But I think they are pretty useless because they can be circumvented easily. Thus, I've removed them again.
You can get the latest version using:
Code: Select all
composer req aimeos/aimeos-laravel:2021.07.x-dev
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, give us a star
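The prefix check quoted in the first post, re-created as a stand-alone PHP script to show which url()->previous() values pass it and which end in abort( 403 ). This is an added example, not Aimeos code and not part of either post; the route prefix 'admin/{site}/jsonadm', the helper names and the sample URLs other than the one reported in the post are assumptions.

```php
<?php
// Added example: re-creates the comparison from createAdmin() outside Laravel.
// ASSUMPTION: the JSON admin route prefix is 'admin/{site}/jsonadm'.

// Hypothetical helper: builds $base the same way the quoted code does.
function adminBase(string $root, string $routePrefix, array $segments): string
{
    // Number of prefix parts minus one, so the last part ("jsonadm") is dropped
    $cnt = count(explode('/', $routePrefix)) - 1;
    return $root . '/' . join('/', array_slice($segments, 0, $cnt));
}

// Hypothetical helper: true when the request would NOT be aborted.
function previousUrlAllowed(string $previous, string $base): bool
{
    // strncmp() returns 0 only if $previous starts with $base
    return strncmp($previous, $base, strlen($base)) === 0;
}

// Request to http://mysite.io/admin/default/jsonadm
$base = adminBase(
    'http://mysite.io',
    'admin/{site}/jsonadm',
    ['admin', 'default', 'jsonadm']
);

// Constructed sample values for url()->previous(); only the second one
// is taken from the post. url()->previous() is derived from the Referer
// header or the session, so an API client has to supply a matching value.
$samples = [
    'admin backend page'     => 'http://mysite.io/admin/default/jqadm/search/product',
    'value reported in post' => 'http://mysite.io/mysite.io',
    'no previous page'       => 'http://mysite.io',
];

printf("base = %s\n\n", $base);
foreach ($samples as $label => $previous) {
    $result = previousUrlAllowed($previous, $base) ? 'passes' : 'abort(403)';
    printf("%-24s %-52s %s\n", $label, $previous, $result);
}
```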