Closed activeNathan closed 3 years ago
Ok, so worked out a way to fix - so for anyone else that it may not be obvious for: You can create a controller that extends mediamanager's controller and implement auth middleware in the constructor.
an easier solution would be
Route::middleware(['auth'])->group(function () {
// MediaManager
ctf0\MediaManager\MediaRoutes::routes();
});
Laravel version
php artisan -v
: 6.2 Manager versioncomposer info ctf0/media-manager
: v3.7.3Yes
No visible error
Our site's Content/images/files are not pubic and neither is content management but, the media manager will load and display all files, minus the actual images because we lock down the image routes to auth. So any unauthenticated user can do things like change the name of the files. Anyone can do this on sites using this plugin as far as I can tell.
Yes please, how to secure media manager routes?