search

Kyon147 / laravel-shopify

A full-featured Laravel package for aiding in Shopify App development
MIT License
353 stars 102 forks source link

IframeProtection forced on web route group, should be customizable from config/shopify-app.php #153

Open CetoBasilius opened 1 year ago

CetoBasilius commented 1 year ago

My Laravel App has two sides, and my shopify routes reside in a /shopify route. So right now for the rest of my routes on web.php i have to do:

use Osiset\ShopifyApp\Http\Middleware\IframeProtection;

Route::group([
    'prefix' => '',
    'excluded_middleware' => [IframeProtection::class],
], function () {
    // A Ton of routes
});

// Then my 8 shopify endpoints
Route::get('/merchant', [Controllers\MerchantController::class, 'viewHomepage'])->name('merchant.home');
// etc

I now have moved my shopify routes to its own routes/shopify.php and set its own throttle on RouteServiceProvider but it would be handy to be able to change that 'web' route group name to something customizable from config/shopify-app.php, in my case i would use 'shopify' so i could remove that whole excluded_middleware nonsense

https://github.com/Kyon147/laravel-shopify/blob/63bf14e42ff3644c0a53f84097f4cef9a050f7d5/src/ShopifyAppProvider.php#L313

CetoBasilius commented 1 year ago

Then in Kernel in middlewaregroups

'shopify' => [
            'throttle:shopify',
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            // \App\Http\Middleware\VerifyCsrfToken::class, // Seems i can now exclude
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \Osiset\ShopifyApp\Http\Middleware\IframeProtection::class,
            'verify.shopify',
        ],

Now i don't need to modify VerifyCsrfToken middleware if I do it this way