Embed route must be skipped, otherwise it will not work with sessions#50
Open
MasterZydra wants to merge 2 commits intowire-elements:2.xfrom
Open
Embed route must be skipped, otherwise it will not work with sessions#50MasterZydra wants to merge 2 commits intowire-elements:2.xfrom
MasterZydra wants to merge 2 commits intowire-elements:2.xfrom
Conversation
Co-authored-by: Laurin Stapf <72888948+LaurinStapf@users.noreply.github.com> Co-authored-by: J. Glück <65236355+JGlueck-WIKA@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR fixes a 419 CSRF error that occurs when accessing the wire-extender embed route with sessions enabled. The fix adds a CSRF bypass for the /livewire/embed route by checking the request URI before applying CSRF validation.
Changes:
- Added
getEmbedUri()method to return the embed route path - Added CSRF bypass condition for the embed route in the
IgnoreForWireExtendermiddleware - Named the embed route as 'wire-extender.embed' for route matching capabilities
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/WireExtender.php | Added getEmbedUri() method to retrieve the embed route path using Laravel's route helper |
| src/Http/Middlewares/IgnoreForWireExtender.php | Added early return to bypass CSRF check when request is to the embed route; reordered comparison operands in isLivewireUpdateRequest() for consistency |
| routes/api.php | Added route name 'wire-extender.embed' to the embed route; removed unused import |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Laurin Stapf <72888948+LaurinStapf@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR resolves an issue where loading the embed route fails when using wire-extender with sessions enabled.
To address this, a condition has been added to bypass the CSRF check for the embed route.
@PhiloNL this could be a fix for the 419 status codes on the embed route like in #33 and #39