I am using [statikbe/laravel-cookie-consent] package for cookie policy in my Laravel project and I don't want the modal to be shown on certain pages, so I must add the route to ignored_paths array in the config file. For a route as 'admin/users' every thing is fine but for a route as 'admin/user/{id}' it doesn't work. How can I fix it or how can say all the routes which start with '/admin' don't show the cookie policy?
Related
Seems like there are a lot of posts related to authentication and redirects, but I can't seem to find exactly what I need. I feel like it should be simple.
So, we have a system whereby we want users to enable 2FA and change their passwords every 60 days. We are using Laravel 8 with Jetstream. I am doing a check on login (via modifying config/fortify.php), which works fine, if the password needs to be changed or if they don't have 2FA they get directed on login to their profile page and they see a message saying they need to update their details.
The problem is they can then navigate to any other page without updating anything. Ideally I want them to be redirected back to the profile page until they update their info.
We have the routes inside a middleware group:
Route::middleware(['auth:sanctum', 'verified'])->group(function() {
routes here
});
I thought I could just add a check before any routes load using Auth::user(), but the array is empty and therefore any vars accessed are null.
Auth::users()->role;
I was hoping for something like:
Route::middleware(['auth:sanctum', 'verified'])->group(function() {
if (pass needs resetting and current route isn't profile) {
redirect('/profile');
}
});
I'm assuming that Laravel doesn't authenticate the user until after the middleware has run? Not sure, but that would explain the null values.
So, how would you guys accomplish this? Do I need to modify a controller instead? I just need the user to stay on their profile page until they have updated their data, then they can proceed as normal.
Many thanks for your help.
I followed tutorials and using the below commands I installed all the files needed for register user, login, etc:
composer require laravel/ui
php artisan ui vue --auth
now I have Auth directory in my controllers list and also new forms for register users, login, home and etc are automatically created, I added a link on my page to enter me to registration form, but when I add user, after I hit the register button it says home not found and shows me 404 error which is about route, where I have added Auth::routes(); already to my web blade page. I checked the database, the user is successfully added to the table.
You must add redirectTo property to your auth controller. It's default to /home and you're getting 404 cause you don't have this route.
I'm facing a crazy problem, I've a website running on production and I'm trying to cache my index page using "Page Rules" from cloudflare to speed it up, it does not have dynamic content right now.
The problem is that it does not work probably because laravel always return the view with the XSRF-TOKEN and cloudflare will understand it as not-cachable, I already changed the header (cache-control: max-age=36000, public) but cloudflare always return the header "cf-cache-status: BYPASS) when it should return HIT.
When i try to use the same rule on a file from laravel public folder (the same php file of the view) it works ok and returns HIT.
The solution I can think is trying to remove this XSRF-TOKEN from the header response, but I'm going crazy on how to do this, any tips?
Obs: i tried removing those cookies using
\Config::set('session.driver' , 'array');
\Config::set('cookie.driver', 'array');
But this remove only one cookies not the XSRF-TOKEN one.
I believe you have to remove the CSRF token on pages you want to cache, or implement some sort of JavaScript solution where the CSRF token is being requested the moment you need it.
I found this article that explains your situation (bottom of the article):
https://blog.cloudflare.com/the-curious-case-of-caching-csrf-tokens/
If you are sure that your page does not need the CSRF token (i.e. it doesnt contain any POST/PUT/DELETE functionalities), you can remove the token for that particular page and be fine.
In Laravel, the CSRF-token is managed by \App\Http\Middleware\VerifyCsrfToken, which should be listed in your middleware in \App\Http\Kernel. Removing this middleware will remove it for all routes that use that middleware; so you'll likely have to create a separate middleware-group for pages where you do need CSRF protection.
You might also be able to add to the protected $except = [] property on your VerifyCsrfToken middleware class. This property contains an array of urls that should be excluded from CSRF verification. So you could add '/' to that array, or a wildcard like '/webhook/*'.
I would require a little help here if this method will work out well.
Firstly, I have a backend API server created using Laravel and Laravel Passport. Secondly, I have also created the frontend with Vuejs within the same project. As such, I will be required to use both the api.php and web.php routes. I am also redirecting these routes using vue-router.
Backend
Inside the web.php routes, I have used two different routes because I want to display generic contents on my landing site and the other as an authentication required dashboard.
Example:
web.php
As above, this is to capture the routes which are 404 Not Found that are directly manipulated in the address bar to redirect correctly to their respective pages. I also ended up having two different blade templates named as dashboard.blade.php and home.blade.php respectively. Is this an okay practice for a Laravel-Vuejs project? Or are there ways that you would like to recommend?
dashboard.blade.php
home.blade.php
Login related problem with login page using the layout of the landing page into another layout of the dashboard page
The problem that I am faced with when doing an API login with the password grant is that the login page does not redirect to the dashboard page properly. The URL route does change but the page is rendered as blank.
The login using axios here:
I have managed to fix the problem.
In web.php, since we have
Route::get('/dashboard/{any?}', function () {
return view('dashboard');
})->where('any', '^(?!.*api).*$[\/\w\.-]*');
Inside of my Login.vue redirect handler, I use location.href = '/dashboard' instead of this.$router.push('dashboard').
In laravel, I want the users to create their profile before they can access any other link of the application. Can we create a master route that redirects every link to the profile page if the same has not been filled in as yet.
You would have to wrap all your routes in a middleware that checks if their profile has been filled, if this fails then redirect them to the profile page.
one Possible solution would be this :
Create a variable for each user to say true if his profile is filled or false if not.
then create a middleware to check that variable. if its false to redirect to profile page... your logic. read here for middleware https://laravel.com/docs/5.4/middleware
wrap all your routes with that middleware
in your route file
Route::group(['middleware' => 'yourmiddlewarename'], function() {
//all routes
});