I have a middleware set on all of my web routes that saves the referer to the session if not set so I am able to log it once my visitor converts.
This works most of the time, meaning that sometimes the referer is one of my own pages that is often somewhere in the middle of the whole customer journey, which absolutely makes no sense to me.
So to clarify: the referer is a page where the middleware should have fired and already saved a valid or empty referer. This page is usually not the beginning or the last page before I log.
My simplified middleware:
    public function handle(Request $request, Closure $next)
    {
        if (!$request->session()->has('data')) {
            $request->session()->put('data', ['referer' => $request->header('referer')]);
        }
        return $next($request);
    }
I would like to give access to the site if it is redirected from a specific url. If not from that url, site will not show any view or This site can’t be reached page. I know I can use one of these to check the referrer.
    $request->header('HTTP_REFERRER')
    Request::server('HTTP_REFERER');
    request()->headers->get('referer');
    Request::header('referer');
    url()->previous();
But I don't know where I should put this. Where is the main entry point of the application? As I would like to allow the user to see the site after checking the referrer, otherwise no view at all, not even the login page. It would be better to have an example.
You can create a Middleware in app/Http/Middleware:
    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Http\Request;

    class ReferrerMiddleware
    {
        public function handle(Request $request, Closure $next)
        {
            // TODO : check stuff about referrer here and display a specific view if it doesn't match expected
            // If it matches expected continue
            return $next($request);
        }
    }
And then register your Middleware in the web and/or api group in app/Http/Kernel.php:
    'web' => [
        // Other middleware applied to web group
        \App\Http\Middleware\ReferrerMiddleware::class,
    ],
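One way to fill in the TODO above, as an added example that is not part of the original answer. The allowed host `partner.example.com` and the session key `referrer_ok` are assumptions. The Referer header is supplied by the client and is often stripped by browsers or proxies, so this gates the navigation path and does not authenticate anyone.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class ReferrerMiddleware
{
    // Assumed values for illustration; replace with the site that links here.
    private const ALLOWED_HOST = 'partner.example.com';
    private const SESSION_KEY = 'referrer_ok';

    public function handle(Request $request, Closure $next)
    {
        // Later page views carry this site's own URL as referer, so the
        // decision taken on the first request is remembered in the session.
        if ($request->session()->get(self::SESSION_KEY) === true) {
            return $next($request);
        }

        $referer = $request->headers->get('referer');
        $scheme = $referer ? parse_url($referer, PHP_URL_SCHEME) : null;
        $host = $referer ? parse_url($referer, PHP_URL_HOST) : null;

        // Compare the parsed host exactly. A substring or prefix match would
        // also accept look-alike hosts such as partner.example.com.other.test.
        if ($scheme === 'https'
            && is_string($host)
            && strcasecmp($host, self::ALLOWED_HOST) === 0) {
            $request->session()->put(self::SESSION_KEY, true);
            return $next($request);
        }

        // No view at all, not even the login page.
        abort(403);
    }
}
```

Because it reads the session, the class has to be listed after the session middleware in the web group.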
I have a page in my Laravel project which I need to make available for use through an iframe. Not the whole app but only one single page available for iframing inside only one trusted domain.
I learned that Laravel has a middleware, which protects the whole app from being displayed via iframe, called FrameGuard:
    class FrameGuard
    {
        public function handle($request, Closure $next)
        {
            $response = $next($request);
            $response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
            return $response;
        }
    }
But this is the framework's middleware, not project files, so can't change it. Even if I had decided to change it I would have to change handle method to
    public function handle($request, Closure $next)
    {
        $response = $next($request);
        // $response->headers->set('X-Frame-Options', 'ALLOW-FROM https://example.com'); // obsolete
        $response->headers->set('Content-Security-Policy', "frame-ancestors 'self' https://www.example.com");
        return $response;
    }
Since it has now a different header would it be the cause of any problems in the future?
Also, if allowing only a single page to be used in an iframe is programmatically possible, do I have to change other configurations like e.g. Nginx settings?
It feels like a lack of information on this topic on the internet. Any thoughts and contributions will be deeply appreciated.
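A project-level middleware can take FrameGuard's place in app/Http/Kernel.php instead of editing the framework file. The following is an added example, not Laravel's own code; the class name `FramePolicy`, the path `embed/widget` and the parent origin are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;

class FramePolicy
{
    // Assumed values for illustration.
    private const EMBEDDABLE_PATH = 'embed/widget';
    private const TRUSTED_PARENT = 'https://www.example.com';

    public function handle($request, Closure $next)
    {
        $response = $next($request);

        if ($request->is(self::EMBEDDABLE_PATH)) {
            // Only this page may be framed, and only by the trusted origin.
            // X-Frame-Options cannot express a third-party allow list, so it
            // is dropped here and frame-ancestors carries the policy.
            $response->headers->remove('X-Frame-Options');
            $ancestors = "'self' " . self::TRUSTED_PARENT;
        } else {
            // Every other page keeps FrameGuard's behaviour.
            $response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
            $ancestors = "'self'";
        }

        // replace = false adds this policy next to any Content-Security-Policy
        // the application already sends instead of overwriting it. Browsers
        // enforce all policies together, so an existing stricter
        // frame-ancestors directive elsewhere still wins.
        $response->headers->set(
            'Content-Security-Policy',
            'frame-ancestors ' . $ancestors,
            false
        );

        return $response;
    }
}
```

If the web server in front of the app also adds X-Frame-Options (for example through an Nginx add_header directive), that header is sent as well and has to be relaxed there for the same path.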
I'm working on a Laravel 5.1 application and I want to check if a user session has expired after each request, in order to redirect the user to the login page.
In order to do so I have created a middleware that runs on every request; the handle function looks like this:
    public function handle($request, Closure $next)
    {
        if(session_status() === PHP_SESSION_NONE)
        {
            return redirect()->guest('login');
        }
        return $next($request);
    }
This does not seem to work correctly, because when I type 'localhost:8000' in Google Chrome it says 'localhost redirected you too many times'. I guess it is because the session has not been started since the user is not logged in, so... is there any better way to do this checking?
You can disable middleware in certain routes by adding the login route to the excepted_urls array. For example, add the following at the beginning of the class:
    protected $except_urls = [
        'login'
    ];
Or you can disable it in your web.php/routes.php, depending on the version of Laravel you're using, by employing route grouping.
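The exception list above only helps if handle() consults it. The following added example (not from the original posts) shows one way to do that; the class name is an assumption, and the session_status() test is swapped for the auth guard.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class RedirectIfSessionExpired
{
    // Paths that must stay reachable without a login.
    protected $except_urls = [
        'login',
    ];

    public function handle($request, Closure $next)
    {
        // Never redirect the login page to itself; this is what breaks the
        // "redirected you too many times" loop.
        foreach ($this->except_urls as $pattern) {
            if ($request->is($pattern)) {
                return $next($request);
            }
        }

        // Laravel's session store does not call PHP's session_start(), so
        // session_status() reports PHP_SESSION_NONE on every request. Ask the
        // auth guard instead: once the session has expired, no user is
        // attached to the request any more.
        if (Auth::guest()) {
            return redirect()->guest('login');
        }

        return $next($request);
    }
}
```

The class has to run after the session middleware, because the guard reads the logged-in user from the session.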
I'm building a package called under-construction. When this package is activated in a config file the site will be under construction; only people with the right code can access the application.
https://github.com/larsjanssen6/underconstruction
The problem that I have right now:
When the code is entered I make an ajax call that hits this controller method (called check):
https://github.com/larsjanssen6/underconstruction/blob/master/src/Controllers/CodeController.php
If the code is correct a session variable is being set:
    session(['can_visit' => true]);
Then in my vue.js code I redirect to /. And it will hit my middleware again. Here I check if a session called can_visit exists.
    return session()->has('can_visit');
https://github.com/larsjanssen6/underconstruction/blob/master/src/UnderConstruction.php
But the session variable can_visit is always gone! How is that possible?
Thanks for your time.
You're not loading the session middleware, so session is not started and no values are persisted.
As was mentioned in the comments, even though your protected routes (/) are within the web middleware (read session), your service provider's routes (/under/construction, /under/check) are not (no write session).
The simple fix is to add the session, or even better, the whole web middleware.
    $routeConfig = [
        'namespace' => 'LarsJanssen\UnderConstruction\Controllers',
        'prefix' => 'under',
        'middleware' => [
            'web', // add this
            // DebugbarEnabled::class, // leaving this dead code behind despite vcs
        ],
    ];
However, you might quickly run into trouble with infinite redirect loops if a user adds your middleware to their web middleware group. So I would add a check of some sort to make sure you're not on one of the existing underconstruction routes.
    public function handle($request, Closure $next)
    {
        // check this isn't one of our routes
        // too bad router hasn't loaded named routes at this stage in pipeline yet :(
        // let's hope it doesn't conflict with user's routes
        if ($request->is('under/*')) {
            return $next($request);
        }
        if (! $this->config['enabled']) {
            return $next($request);
        }
        if (!$this->hasAccess($request)) {
            return new RedirectResponse('/under/construction');
        }
        return $next($request);
    }
And ultimately guessing from the context of this project, I'd expect most people would want to stick this in the global middleware. However, you're going to run into the same session-hasn't-started-yet issues because that doesn't run in the global middleware. So there's more to chew on. Happy coding!
I'm trying to understand how the middleware works in Laravel. Here's my class; can anyone explain how it works?
    <?php
    namespace App\Http\Middleware;
    use Closure;
    class CheckAge
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            if ($request->age <= 200) {
                return redirect('home');
            }
            return $next($request);
        }
    }
Thanks
Middleware provide a convenient mechanism for filtering HTTP requests entering your application. For example, Laravel includes a middleware that verifies the user of your application is authenticated. If the user is not authenticated, the middleware will redirect the user to the login screen. However, if the user is authenticated, the middleware will allow the request to proceed further into the application.
Reference
Edit: As explained by @num8er
Middleware is the function (or logic) that stands between router and route handler.
In your code:
    public function handle($request, Closure $next)
    {
        if ($request->age <= 200) {
            return redirect('home');
        }
        return $next($request);
    }
$request->age is a variable that is provided in the request and can be checked on each HTTP request; if its value is <= 200 then the user is redirected to the home route.
As you can see what the middleware is, now let's see the code:
    public function handle($request, Closure $next)
    {
        if ($request->age <= 200) {
            return redirect('home');
        }
        return $next($request);
    }
This code checks every request and checks the age variable in the request. If the age is less than 200 then the request will be redirected to home, otherwise it will go to the requested page. Suppose you are requesting the /about page: if you cannot pass the middleware condition you will be redirected to /home, otherwise to /about, i.e. given by return $next($request);. It works similarly with the auth and cors middleware. You can similarly do some check like $request->user->role=='admin' and redirect to the admin page or to another page.
return $next($request); gives you the next requested route (the original route that was requested).
Middleware provide a convenient mechanism for filtering HTTP requests entering your application. For example, Laravel includes a middleware that verifies the user of your application is authenticated. If the user is not authenticated, the middleware will redirect the user to the login screen. However, if the user is authenticated, the middleware will allow the request to proceed further into the application.
Of course, additional middleware can be written to perform a variety of tasks besides authentication. A CORS middleware might be responsible for adding the proper headers to all responses leaving your application. A logging middleware might log all incoming requests to your application.
https://laravel.com/docs/5.4/middleware#introduction
Middleware is a series of wrappers around your application that decorate the requests and the responses in a way that isn't a part of your application logic.
https://mattstauffer.co/blog/laravel-5.0-middleware-filter-style
Middleware's main objective is to restrict unwanted actions; here you can check the user-given input values and allow only the valid ones.