laravel / horizon

Dashboard and code-driven configuration for Laravel queues.
https://laravel.com/docs/horizon
MIT License

Horizon 403 on production #207

Closed shy7lo closed 7 years ago

shy7lo commented 7 years ago

Hi, I have a production server provisioned by Forge and a Laravel 5.5 app with PHP 7.1. I installed Horizon and configured it according to my needs, including queues by Redis and Daemon, according to the Laravel documentation. I have not enabled Auth for Horizon for now.

When I try to access /horizon, I get this whoops and the status code of the request is 403. I am not sure what the problem is here.

On my local machine and development VPS (provisioned by Forge, and the app is deployed by Forge too), it is working perfectly.

Attached is a screenshot of the error.

Any help and guidance will be appreciated.

Thank you

niclashedam commented 7 years ago

> I have not enabled Auth for Horizon for now.

If you do not provide a specific authentication callback, Horizon will only be available in the local environment. Horizon should never be publicly accessible, as this would be a major security issue.

aditya-rewari-cb commented 4 years ago

> > I have not enabled Auth for Horizon for now.
>
> If you do not provide a specific authentication callback, Horizon will only be available in the local environment. Horizon should never be publicly accessible, as this would be a major security issue.

How to do this? I mean, how, or rather where, do I provide this specific authentication callback? Thanks

marcosdsdba commented 3 years ago

> > > I have not enabled Auth for Horizon for now.
> >
> > If you do not provide a specific authentication callback, Horizon will only be available in the local environment. Horizon should never be publicly accessible, as this would be a major security issue.
>
> How to do this? I mean, how, or rather where, do I provide this specific authentication callback? Thanks

After registering Horizon in config/app.php:

```php
'providers' => [
    ...
    App\Providers\HorizonServiceProvider::class,
],
```

In HorizonServiceProvider.php, add:

```php
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
```

In the boot() function, place this code:

```php
Horizon::auth(function ($request) {
    // Let the dashboard's own AJAX requests through
    if ($request->ajax()) {
        return true;
    } elseif (isset($request->checkstatus) && $request->checkstatus == 'ok') {
        // Let through any request carrying ?checkstatus=ok
        return true;
    } else {
        throw new UnauthorizedHttpException('Unauthorized');
    }
});
```

Run php artisan config:clear

Access Horizon by sending the querystring parameter: checkstatus=ok Ex.: mydomain.com/horizon/dashboard/?checkstatus=ok

Have fun!

niclashedam commented 3 years ago

> Access Horizon sending querystring parameter: checkstatus=ok Ex.: mydomain.com/horizon/dashboard/?checkstatus=ok

This is not a very good authorization scheme. You should check that the user is logged in and is an administrator.
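
An added example (not code from this thread or from the Horizon project) of the check described in the last comment, using the `Horizon::auth` callback shown above: the request must come from a logged-in user who is an administrator, and denied attempts are logged. It assumes the dashboard routes run through the session-based `web` middleware so that `$request->user()` is populated, and that the User model has a boolean `is_admin` attribute, which is a hypothetical name.

```php
<?php

namespace App\Providers;

use Illuminate\Support\Facades\Log;
use Illuminate\Support\ServiceProvider;
use Laravel\Horizon\Horizon;

class HorizonServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // Horizon runs this callback for dashboard page loads and for the
        // dashboard's API calls. Returning false produces the 403 response.
        Horizon::auth(function ($request) {
            // null when the request carries no authenticated session
            $user = $request->user();

            // Assumption: `is_admin` is a boolean attribute on the User model.
            // No query-string, header or AJAX shortcut is accepted.
            $allowed = $user !== null && (bool) $user->is_admin;

            if (! $allowed) {
                // Record who was turned away so probing of /horizon is visible.
                Log::warning('Horizon access denied', [
                    'user_id' => $user ? $user->getAuthIdentifier() : null,
                    'ip'      => $request->ip(),
                    'path'    => $request->path(),
                ]);
            }

            return $allowed;
        });
    }
}
```

Unlike the `checkstatus=ok` scheme, nothing in the URL or request headers can satisfy this callback; access depends only on server-side session state.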