I have put my application down for maintenance using php artisan down command.
My custom maintenance page as a email input to accept the email from the user and store in my database to notify the user when the site is back up and running again.
But when I submit the form using POST, I get redirected to the maintenance mode page.
I want one particular route to bypass the maintenance mode. Is it possible?
Okay so I found a way to go about this problem.
In my app/routes file, I have a route as follows:
// app/routes.php
Route::resource('subscriber', 'SubscriberController');
Now this will route will match any request URI for the form subscriber*
In my app/start/global.php file, I did the following inside App::down()
// app/start/global.php
App::down(function() {
if(Request::is('subscriber*')) {
return null;
}
return Response::view('maintenance', array(), 503);
})
Now only for URIs of starting with subscriber, the maintenance mode page will not be displayed.
:D
Related
I just finished api on laravel , it work perfectly on front-end but I want to block api to access via browser or postman or etc, I just want to POST and GET from my front.
for example, if someone run post request in browser:
And if run get request in browser (auth need):
Also if someone run this url api.mywebsite.com, see Laravel intro page, and I don't want to show to user, how can I prevent this?
And last thing, if user runs post or get request in postman, it works, and I only want it to work with my domain. I am using this CORS middleware.
How to prevent user access to get/post request via browser/postman?
How to limit api just on my domain name?
For remove Laravel welcome page:
Go to
route/web.php, comment this line:
return view('welcome');
Or replace with:
return abort(404);
Or you can remove with own route, it return same 404
For remove route login, you need to go to:
app/Http/Middleware/Authenticate.php
Find and replace redirectTo function with:
protected function redirectTo($request)
{
if (! $request->expectsJson()) {
return abort('404');
}
}
Or really redirect to your login page, or etc.
And go to config/cors.php and replace yours with this:
'allowed_origins' => ['http://yourwebsite.com'],
And no need to worry about postman but if you want to avoid people do a direct request to your api you need to use api_token
Oh I forgot your another question, after all, you should not see any of these errors on your browser, except you forget to set these on .env:
APP_ENV=production
APP_DEBUG=false
I am trying to impersonate via an external link. For example https://example.com/?_switch_user=email. So when clicking on a button it will redirect the user and impersonate immediately. That works fine. The issue is when i try to impersonate a new user, it results to a 500 error. As expected because there is a impersonation active. My question is: is it possible to first run https://example.com/?_switch_user=_exit on the background and then redirect to the new user externally.
This is my code so far:
/**
* #Route("/admin/client/{email}", name="client-impersonate")
*/
public function impersonate($email)
{
// first run someting to exit the active impersonation and then redirect below
return $this->redirect('https://example.com/?_switch_user='.$email);
}
My backup solution would be to create some kind of listener on example.com to first check if there is an active impersonation and "exit" that first.
But i was wondering if i can do it also with the code above. (before redirecting)
I've spent too many hours messing with this
I'm just starting with laravel and started a new project.
I want to be able to have a system where a certain users can access the site while it is in development. The rest of the public gets forwarded to the splash page.
I plan to create a secret route that sets a toggle in the session. If this toggle is set then the user can use the entire system. Else they are redirected to the splash page.
The issue is I cannot get it to redirect. I have been adding the code in the bootstrap->start.php file. The standard
header('location:www.thesite.com')
starts doing funny things that I do not understand.
If I run
return Redirect::to(htmlspecialchars_decode($url))
it returns the error:
BadMethodCallException
Method [run] does not exist on Redirect.
I have absolutely no idea what is going on or how to fix it.
Why is the redirection script returning an error? Is start.php not the correct location?
If so how can achieve my objective within laravel?
You should do this in your before filter in app/filters.php like so:
App::before(function($request){
if(!$request->is('splash') && Input::get('allow') != '1')
{
return Redirect::to('/splash');
}
);
Where /splash is your splash screen route. You can then do http://www.example.com?allow=1 to bypass the splash screen.
The before filter is a function that is run before every single route in your application.
Let me know if this works for you!
I try to redirect the user to the login page when he tryes to query the db using a ajax call and the session has expired, all this when using the rights module;
I searched within all the project for 403 and loginRequired and put a die function where text has been found, but i cant find the execution path in order to see why the loginRequired does not trigger;
I am using a gridView and i am using a filter to sort some data, while the session is expired;
I get a error 403: login needed
Does anyone know how to redirect the user in this case?
Try this hint.
1st add this to your config:
...
'components'=>array(
'user'=>array(
...
'loginRequiredAjaxResponse' => 'YII_LOGIN_REQUIRED',
...
),
...
Then in your view (layout) add:
<?php
if (Yii::app()->components['user']->loginRequiredAjaxResponse){
Yii::app()->clientScript->registerScript('ajaxLoginRequired', '
jQuery("body").ajaxComplete(
function(event, request, options) {
if (request.responseText == "'.Yii::app()->components['user']->loginRequiredAjaxResponse.'") {
window.location.href = "/login";
}
}
);
');
}
?>
Should work. This will watch for ajax response, and if it equal to loginRequiredAjaxResponse will redirect to your login url.
It will work on yii>1.1.9. Also you can use not only ajaxComplete event to prevent errors, maybe ajaxSuccess will fit more.
Answer won't fit comment, so addition. Lets watch CWebUser implementation:
public function loginRequired()
{
$app=Yii::app();
$request=$app->getRequest();
if(!$request->getIsAjaxRequest())
{
....
}
elseif(isset($this->loginRequiredAjaxResponse))
{
echo $this->loginRequiredAjaxResponse;
Yii::app()->end();
}
throw new CHttpException(403,Yii::t('yii','Login Required'));
}
So as you can see if our request not ajax - we simply redirect to login url, otherwise if in user component config set loginRequiredAjaxResponse we echo it and end app.
Login required exception invoked if both if's failed. I suppose that you have this message in your response with error page rendered?
Another problem can occure if you use custom User class and rewrite loginRequired() function.
And code above works in my projects, i use user+rights modules stack.
cgridview has a function afterAjaxUpdate that runs after an update has been done. Have you tried using that one to redirect them if a 403 response is received?
There is also ajaxUpdateError http://www.yiiframework.com/doc/api/1.1/CGridView#ajaxUpdateError-detail (probably this is the one you should use) that you might use in the same way, when a 403 response is received, redirect them from javascript to the login page.
When Ive created a new controller, ie in this case Authenticate, Ive also created the folder and file application/views/scripts/authentication/index.phtml
Not a problem when hitting the url http://dev.local/authentication/ but when calling any action ie http://dev.local/authentication/login, I get the error below.
Message: script 'authentication/login.phtml' not found in path (C:\Sites\application\views\scripts\)
Regardless of any changes Im going to make to the login action it shouldnt automatically ask for a new page right? or am I wrong?
By default, each action requires its corresponding view (phtml page). If you want to disable a view/layout for a given action, you can use the following code :
$this->_helper->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
EDIT in response to the comment:
I usually don't need to do this, because the actions I have that don't need a view script are redirected/forwared to other actions. For example, once your user is authenticated (i.e. when /authentication/login succeeds), you can redirect him to the home page (or whatever page he was trying to access. Similarly, if the login failed, I simply set an error message in the view and forward to the action that shows the login form.
The only actions for which I use the above code is for actions that are typically called using AJAX and that output some JSON code, for example.