[Feature Proposal] Except routes from maintenance mode

[thannaske]

Maintenance mode is checked on every request by utilizing a middleware. Thereby it would be no problem to add an argument for the artisan down command that exempt routes from maintenance mode.

Background In some countries (especially EU-countries) you are required by law to display several information about your business, even when your application is in maintenance mode. Or you may want to disable the backend functionality but still want that a user is able to access static pages that informs him about your application. Laravel's maintenance mode is currently just a binary state: Either the whole Laravel application is in maintenance or not. With the --except argument you could exclude single routes (e.g. to your legal/terms/privacy routes or other static pages) to be affected from the maintenance mode.

Possible implementation

• Just add another argument (besides the already existing --allow <CIDR/IP> argument) to prevent maintenance mode middleware is redirecting the user in case of given route name, etc.
• Add a chained method for the routes/web.php (like e.g. Route::get('/foo', [...])->withoutMaintenance();)

[sisve]

you are required by law to display several information about your business, even when your application is in maintenance mode.

I'm interested in knowing more about this. Do you have any articles where I can find out more about it, perhaps links to the relevant regulations?

[thannaske]

For Germany it’s § 5 TMG (German Telemedia Law). It requires any website that is reachable by the public to put a so called „Impressum“ on it unless it‘s for private/family purposes only. So it affects nearly every website that is hosted by a German of a German legal entity. In this Impressum you need to put your name, postal address, e-mail address, etc.

[thannaske]

In the European Union there is the e-commerce directive (2000/31 EC). You can find a version of it in your language on the following page: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32000L0031

Article 5 section 1 of this mandatory directive states in the English version: "In addition to other information requirements established by Community law, Member States shall ensure that the service provider shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, at least the following information: (a) the name of the service provider; (b) the geographic address at which the service provider is established; (c) the details of the service provider, including his electronic mail address, which allow him to be contacted rapidly and communicated with in a direct and effective manner; (d) where the service provider is registered in a trade or similar public register, the trade register in which the service provider is entered and his registration number, or equiva- lent means of identification in that register; [...]" (Highlighting done by me)

Permanently accessible means even accessible if the page is currently under maintenance. So in nearly every application I build I need to integrate those basic information about the service provider to be compliant with the German and EU law. A small helper like my suggested --except argument could provide an easy way to make those (generally static pages) accessible even when the other part of the application is under maintenance.

[Miguel-Serejo]

A common practice I see is to add your contact information to your maintenance page. That would solve your problem while this isn't implemented.

Also, that wording sounds incomplete. Interpreted literally, it would mean that if you experience any service outage (i.e. your servers go offline, not just into maintenance mode), you'd be breaking the law.

[thannaske]

Indeed this is kind of illogical. As I'm from Germany my research about this topic is somewhat limited to legal sources in my mother tongue but as I could find out there was a judgement that even a "a new website is coming soon" page could need an information page like this depending on the individual case. Our judges determine whether the page is a kind of "business activitiy" of the service provider ("geschäftsmäßige Betätigung"). Complicated thematics.

But maybe there are other constellations where you want to display some more static pages (e.g. with your privacy information, which became important due to the GDPR, because you need to inform your user about the way you process his data (e.g. log his IP address in your web server log, etc.)).

However my proposal is not about the correct implementation of legal texts to be compliant with your home-based law. It's just a possible use case for my suggested feature. At least the EU-based Laravel community could benefit from something like this, because if you want to put all this information on your maintenance page it gets overloaded pretty fast.

[thannaske]

Discarded the idea of modifying the artisan down command. Instead adopted the same technique used in the VerifyCsrfToken middleware: Define URIs that shall be excluded from maintenance mode handling by adding them to a $except array. If the pull request to laravel/framework succeeds, I'll file another one to add a middleware stub to the laravel/laravel repository.

[drbyte]

Additional inspiration you may consider: https://github.com/spatie/laravel-demo-mode