cesargb / laravel-magiclink

Create link for authenticate in Laravel without password or get private content
MIT License

HEAD request increases num_visits #96

Closed Laupet closed 1 year ago

Laupet commented 1 year ago

Hello @cesargb :)

I'm sending login links to users that are only valid for one visit. This is to prevent users from sharing their login link with others. I've found that Outlook users are having issues with this. When they click the link in Outlook the URL is "scanned" by Outlook and that "scan" is basically doing the first visit. So when the browser opens the link, it is no longer valid.

I see in the logs that Outlook performs a HEAD request to the URL. Then the browser performs the GET request.

192.168.0.6 - [10/Apr/2023:14:55:44 +0200] "HEAD /host/login/82875115-1b3f-4303-8f55-4241a4248c53:GjZTBY5kxv HTTP/1.1" 302 -
192.168.0.6 - [10/Apr/2023:14:55:45 +0200] "GET  /host/login/82875115-1b3f-4303-8f55-4241a4248c53:GjZTBY5kxv HTTP/1.1" 301 502

I didn't find any way to stop HEAD requests in the route, but in the middleware it can be added. I've tested adding this to MagiclinkMiddleware. Works fine.

if ($request->method() != "GET") {
    die();
}

Do you think this is something that makes sense to add to this package?

cesargb commented 1 year ago

@Laupet Thanks for your feedback, this is really a bug of this package.

Effectively, a HEAD call increases the number of visits but does not expose the actions.

The guard that you tell me solves it, although I would prefer not to call the die() method, but to return the $next($request) method:

if($request->method() !== 'GET') {
    return $next($request);
}

In this way, the flow of the application is not broken.

If you wish, you can upload a PR that solves this bug; otherwise I will try to publish a new release correcting this bug this week.

Thank you for your cooperation.

cesargb commented 1 year ago

@Laupet the version v.2.16.1 fixes this issue
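To gauge how many one-visit links were consumed by a scanner before the fix, the access log can be checked for links whose first request was not a GET. The script below is an added example, not part of this thread or of the package; it assumes the log shape and the `/host/login/` prefix seen in the lines quoted in the first post, treats the text after the last `:` as secret when reporting, and runs over constructed sample lines.

```python
import re
from datetime import datetime

# Log shape taken from the lines quoted in the issue:
#   ip - [timestamp] "METHOD path HTTP/x.y" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+)\s+(?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

def mask(path):
    """Hide the assumed secret part of a link (text after the last ':') in reports."""
    head, sep, _secret = path.rpartition(":")
    return f"{head}:***" if sep else path

def find_preconsumed_links(lines, prefix="/host/login/"):
    """Return links whose first request was not a GET (e.g. a mail scanner's HEAD)."""
    first_seen = {}  # path -> (time, method) of the earliest request
    first_get = {}   # path -> time of the earliest GET
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith(prefix):
            continue  # unparseable line or unrelated route
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path, method = m["path"], m["method"]
        if path not in first_seen or ts < first_seen[path][0]:
            first_seen[path] = (ts, method)
        if method == "GET" and (path not in first_get or ts < first_get[path]):
            first_get[path] = ts
    findings = []
    for path, (ts, method) in sorted(first_seen.items()):
        if method == "GET":
            continue  # the user's browser got there first
        get_ts = first_get.get(path)
        delay = (get_ts - ts).total_seconds() if get_ts else None
        findings.append({"link": mask(path), "first_method": method,
                         "seconds_until_get": delay})
    return findings

# Constructed sample lines modelled on the two log entries in the issue.
SAMPLE_LOG = [
    '192.0.2.10 - [10/Apr/2023:14:55:44 +0200] "HEAD /host/login/aaaa1111:tokenA HTTP/1.1" 302 -',
    '192.0.2.10 - [10/Apr/2023:14:55:45 +0200] "GET  /host/login/aaaa1111:tokenA HTTP/1.1" 301 502',
    '192.0.2.20 - [10/Apr/2023:15:02:10 +0200] "GET /host/login/bbbb2222:tokenB HTTP/1.1" 302 -',
    '192.0.2.30 - [10/Apr/2023:15:10:00 +0200] "HEAD /host/login/cccc3333:tokenC HTTP/1.1" 302 -',
    '192.0.2.30 - [10/Apr/2023:15:12:00 +0200] "GET /other/page HTTP/1.1" 200 1024',
]
```

A finding with `seconds_until_get` of `None` is a link that was probed but never opened in a browser, so its single visit is already spent.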