Open zapotocnylubos opened 1 year ago
Hi @zapotocnylubos. Thank you for your report. To speed up processing of this issue, make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, Add a comment to the issue:
@magento give me 2.4-develop instance
- upcoming 2.4.x release@magento I am working on this
Join Magento Community Engineering Slack and ask your questions in #github channel. :warning: According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting. :clock10: You can find the schedule on the Magento Community Calendar page. :telephone_receiver: The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket.
Hi @engcom-Bravo. Thank you for working on this issue. In order to make sure that issue has enough information and ready for development, please read and check the following instruction: :point_down:
Area: XXXXX
label to the ticket, indicating the functional areas it may be related to.2.4-develop
branch@magento give me 2.4-develop instance
to deploy test instance on Magento infrastructure. 2.4-develop
branch, please, add the label Reproduced on 2.4.x
.Issue: Confirmed
once verification is complete. Check your Magento configuration settings for the admin URL. Ensure that it is correctly set in the app/etc/env.php file or through the Magento Admin Panel. Verify that the web server's rewrite rules are properly configured to handle the Magento admin URL. Clear your Magento cache and browser cache to ensure that any previous routing configurations are not causing conflicts. If the issue persists, consult Magento's official documentation for Ehsaas Kafalat program or reach out to their support for specific guidance. CORS Errors:
Cross-Origin Resource Sharing (CORS) errors occur when a web page makes a request to a resource from a different domain, protocol, or port. These errors are typically related to security restrictions imposed by the browser. Ensure that your server is correctly configured to allow cross-origin requests. This may involve setting appropriate response headers, such as Access-Control-Allow-Origin, on the server-side.
I have debugged the problem, this is not helping @Amelia792
The solution for me was to create a composer patch (for magento/module-backend) like this
diff --git a/App/Area/FrontNameResolver.php b/App/Area/FrontNameResolver.php
--- a/App/Area/FrontNameResolver.php
+++ b/App/Area/FrontNameResolver.php
@@ -135,7 +135,7 @@
$host = (string) $this->request->getServer('HTTP_HOST', '');
$hostWithPort = $this->getHostWithPort($backendUrl);
- return !($hostWithPort === null || $host === '') && stripos($hostWithPort, $host) !== false;
+ return !($hostWithPort === null || $host === '') && stripos($hostWithPort, $host) === 0;
}
/**
because I want (and this should be a correct solution) that current domain (host) and admin domain (host) should match from the start of the string, not somewhere in the middle
Hi @zapotocnylubos,
Thank you for reporting and collaboration.
Verified the issue on Magento 2.4-develop instance and the issue is reproducible.Kindly refer the screenshots.
Steps to reproduce
Install Magento and make sure it is working URL should be m2.domain.local
issue :-
The Magento routing mechanism for detecting whether the current page is part of the administration panel seems to have a flaw. Instead of checking if "m2.domain.local" is equal to "admin.m2.domain.local," it checks if "admin.m2.domain.local" contains "m2.domain.local" as a substring. This condition evaluates to true, allowing access to the administration panel via the frontend URL. However, it leads to CORS errors when loading static files due to the different domains used.
admin url is different
frontend is different
Hence Confirming the issue.
Thanks.
:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/AC-9216 is successfully created for this GitHub issue.
:white_check_mark: Confirmed by @engcom-Bravo. Thank you for verifying the issue.
Issue Available: @engcom-Bravo, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.
Hi, this is a single-line patch. Should I prepare PR with the changes mentioned in my patch?
@zapotocnylubos: that would probably speed up the delivery of the fix indeed, so go for it :)
Check your Magento configuration settings for the admin URL. Ensure that it is correctly set in the app/etc/env.php file or through the Magento Admin Panel. Verify that the web server's rewrite rules are properly configured to handle the Magento admin URL. Clear your Magento cache and browser cache to ensure that any previous routing configurations are not causing conflicts. If the issue persists, consult Magento's official documentation for Ehsaas Kafalat program or reach out to their support for specific guidance. CORS Errors:
Cross-Origin Resource Sharing (CORS) errors occur when a web page makes a request to a resource from a different domain, protocol, or port. These errors are typically related to security restrictions imposed by the browser. Ensure that your server is correctly configured to allow cross-origin requests. This may involve setting appropriate response headers, such as Access-Control-Allow-Origin, on the server-side.
What is this Man?
I don't know, I thought it was some AI/bot response
Preconditions and environment
Steps to reproduce
CONFIG__STORES__ADMIN__WEB__UNSECURE__BASE_URL: 'http://admin.m2.domain.local/'
)Expected result
Actual result
The Magento routing mechanism for detecting whether the current page is part of the administration panel seems to have a flaw. Instead of checking if "m2.domain.local" is equal to "admin.m2.domain.local," it checks if "admin.m2.domain.local" contains "m2.domain.local" as a substring. This condition evaluates to true, allowing access to the administration panel via the frontend URL. However, it leads to CORS errors when loading static files due to the different domains used.
Additional information
https://github.com/magento/magento2/blob/35e8e434be0b21072382b3f91c71678efc0242c1/app/code/Magento/Backend/App/Area/FrontNameResolver.php#L138
stripos("admin.m2.domain.local", "m2.domain.local") !== false
evaluates to true. But current domain is m2.domain.local, and it is not part of the administration.stripos("m2.domain.local:8080", "m2.domain.local") !== false
which evaluates to true.Release note
No response
Triage and priority