:bug: Does not redirect to login if URL starts with /bolt... by macintoshplus · Pull Request #3573 · bolt/core · GitHub

🐛 Does not redirect to login if URL starts with /bolt... #3573

Open: wants to merge 1 commit into base: 5.2

Contributor

Issue #3504: Fix the security side effect on URLs starting with /bolt.

  • /bolt$ is secured and redirects to login if needed. 🔒
  • /bolt/new/page is secured and redirects to login if needed. 🔒
  • /bolt-and-nuts is not secured. 🔓

Member
@bobvandevijver bobvandevijver left a comment

This looks good, but it will require a yaml migration as well so it is to be applied to existing installations. See for example https://github.com/bolt/core/blob/master/yaml-migrations/m_2022-02-16-security_1.yaml.

@macintoshplus
Contributor Author

> This looks good, but it will require a yaml migration as well so it is to be applied to existing installations. See for example https://github.com/bolt/core/blob/master/yaml-migrations/m_2022-02-16-security_1.yaml.

It's not possible. The YAML migration tool doesn't work fine with an array. This change requires two migrations. One for removing older configuration and one for adding new configuration.

The remove migration looks like this:

```yaml
# See: https://github.com/bolt/core/issues/3504

file: packages/security.yaml
since: 5.2.1
remove:
    security:
        access_control:
            - { path: '^%bolt.backend_url%', roles: IS_AUTHENTICATED_REMEMBERED }
            - { path: '^/(%app_locales%)%bolt.backend_url%', roles: IS_AUTHENTICATED_REMEMBERED }
```

Applying the remove migration generates this error:

```
PHP Fatal error:  Uncaught TypeError: YamlMigrate\ArrayMerge::removeArrayRecursively(): Argument #1 ($origin) must be of type array, string given, called in /home/user/dev/bolt/bolt-5.2/vendor/bobdenotter/yaml-migrations/src/ArrayMerge.php on line 62 and defined in /home/user/dev/bolt/bolt-5.2/vendor/bobdenotter/yaml-migrations/src/ArrayMerge.php:54
```

To apply this change, it's necessary to upgrade the YAML migration tool to add an update action, like kaliop/ezmigrationbundle.
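
Added example, not code from this PR or from Bolt: a small audit of how the two `access_control` path rules quoted in the removal migration match the URLs listed in the PR description, next to a tightened variant. The parameter values (`/bolt`, `en|nl|fr`), the `(/|$)` suffix and all function names are assumptions made for illustration; the rule the PR actually ships is not shown on this page.

```python
import re
from urllib.parse import unquote

# Assumed container parameter values (constructed, not taken from the page).
PARAMS = {"bolt.backend_url": "/bolt", "app_locales": "en|nl|fr"}

# Path rules quoted in the removal migration in the comment above.
OLD_RULES = [
    "^%bolt.backend_url%",
    "^/(%app_locales%)%bolt.backend_url%",
]

# Hypothetical tightened rules: the prefix must end at a path boundary,
# i.e. be followed by "/" or by the end of the path.
NEW_RULES = [
    "^%bolt.backend_url%(/|$)",
    "^/(%app_locales%)%bolt.backend_url%(/|$)",
]

# Constructed sample paths: the three from the PR description plus locale variants.
SAMPLE_PATHS = [
    "/bolt", "/bolt/new/page", "/bolt-and-nuts",
    "/nl/bolt", "/nl/bolt-and-nuts", "/page/bolt",
]


def resolve(pattern, params=PARAMS):
    """Substitute %name% placeholders with their parameter values."""
    return re.sub(r"%([\w.]+)%", lambda m: params[m.group(1)], pattern)


def requires_login(path, rules):
    """True if any rule matches the URL-decoded path.

    The match is an unanchored regex search, so the only anchoring is
    whatever '^' and '$' the rule itself contains.
    """
    decoded = unquote(path)
    return any(re.search(resolve(rule), decoded) for rule in rules)


def audit(paths, rules):
    """Map each path to whether the rule set would demand authentication."""
    return {path: requires_login(path, rules) for path in paths}


if __name__ == "__main__":
    old, new = audit(SAMPLE_PATHS, OLD_RULES), audit(SAMPLE_PATHS, NEW_RULES)
    for path in SAMPLE_PATHS:
        print(f"{path:20} old={old[path]!s:5} new={new[path]!s:5}")
```

Running the same audit over a site's real public routes before and after editing `security.yaml` shows which front-end pages an unbounded prefix rule would send to the login form.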

@macintoshplus macintoshplus force-pushed the issue_3504_fix_non_admin_route_start_by_bolt branch from 4769ed8 to dbde662 Compare July 7, 2025 08:46
@macintoshplus
Contributor Author

I've added the upgrade file and updated the changelog.

This patch may have already been applied to users' Bolt projects.
