8000 Any URI starting with bolt.backend_url is treated as restricted · Issue #3504 · bolt/core · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Any URI starting with bolt.backend_url is treated as restricted #3504
Open
@lafor

Description

@lafor

Bolt treats any URI starting with bolt.backend_url string as restricted, even if not immediately followed by a slash.

Details

Question Answer
Relevant Bolt Version 5.1.24
Install type Composer install
PHP version 8.2

Reproduction

Steps to reproduce

Log out from the backend if logged in. Assuming your bolt.backend_url (as defined in config/services.yaml) is the default /bolt, try accessing an URI like /bolts-and-nuts.

Expected result

You should be served /bolts-and-nuts resource if it exists, or 404 if it doesn't.

Actual result

You're redirected to /bolt/login.

Fix

Paths ending with bolt.backend_url in access_control definitions of config/packages/security.yaml should include trailing slashes, e.g.:

- { path: '^%bolt.backend_url%/', roles: IS_AUTHENTICATED_REMEMBERED }
- { path: '^/(%app_locales%)%bolt.backend_url%/', roles: IS_AUTHENTICATED_REMEMBERED }

Metadata

Metadata

Assignees

No one assigned

    Type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      0