Level 1
Solved it via a custom middleware that throws an error in case the wrong user account is logged in, in case anyone faces the same issue
Oct 15, 2024
3
Level 1
Security Rules to protect specific routes - Laravel Forge
I am having the issue of laravel post requests, which are turned into GET Requests, because I added a laravel forge security rule to protect my adminpanel.
The rule's path:
/adminpanel
I can open /adminpanel/login via basic auth but when I send a post Request to log in via inertia:
<script setup>
import {useForm} from '@inertiajs/vue3'
console.log("test")
let form = useForm({
email: '',
password: '',
remember: false,
});
console.log(route('admin.login'))
const login = () => {
form.post(route('admin.login'));
console.log("test, postrequest")
}
</script>
with the following console event:
XHR POST https://mywebsite.com/adminpanel/login-action [HTTP/2 404 106ms]
I receive the following error:
MethodNotAllowedHttpException
HTTP 405 Method Not Allowed
The GET method is not supported for route adminpanel/login-action. Supported methods: POST.
If I remove the security rule, everything works as expected.
Now I am curious if you could help me set up a security rule which let's me login and use my adminpanel, after authenticating once via basic auth. I don't want someone to even find my adminpanel login window
I tried something like:
/adminpanel/*
but it didn't work.
Any ideas?
Or any ideas if it's a controller/middleware/provider config I could adapt.
Level 122
why are you writing your own security?
Level 75
@dogma I suggest look at this https://laracasts.com/series/mastering-permissions-in-laravel
Please or to participate in this conversation.