Pagination on signed URL

I have a temporary signed route. On that route I render a table with data and pagination. That works great, except pagination won't work.

When I try to go to another page, I get a 403 invalid signature.

So this works: /shared/user-view?expires=1737465172&id={id}&signature={signature}

This doesn't: /shared/user-view?expires=1737465172&id={id}&signature={signature}&page=1

How can I make the pagination work on a signed route?

tykus

1 year ago

Best Answer

Level 104

You can write your own middleware replacing the framework's signed middleware on the Route, e.g. write the middleware to check the signature while ignoring the page query param:

// app/Http/SignedWithPaginator.php
public function handle(Request $request, Closure $next): Response
{
    abort_unless($request->hasValidSignatureWhileIgnoring(['page']), 403, 'Invalid Signature');

    return $next($request);
}

Add your new middleware to the Route definition:

// routes/web.php
use App\Http\Middleware\SignedWithPaginator;

Route::get('/shared/user-view', [Controller::class, 'action'])
    ->name('user-view')
    ->middleware([SignedWithPaginator::class]);

1 like

Yorgv

1 year ago

Level 1

@tykus I fixed it by extending Illuminate/Routing/Middleware/ValidateSignature.php and overriding the $ignore property. Thanks!

martinbean

1 year ago

Level 80

@yorgv You need to generate new signed URLs for each page.

If you just ignore the page parameter, then that defeats the point of using signed URLs in the first place, as any one who discovers the signature can then just enumerate and scrape each and every page with the same signature tacked on the end of the URL.

Please or to participate in this conversation.