Open michellaurent opened 2 months ago
mikebronner
commented
2 months ago @michellaurent Thank you for reporting this. I'm not sure how soon I will be able to look into this, so if you are able to submit a PR with proposed changes, that would greatly help.
michellaurent
commented
2 months ago @mikebronner
There is a check in Providers\Service.php to determine if the routes has to be loaded in the web middleware group or not. I think that this check fails when routes are cached.
app('router')->group(app("router")->hasMiddlewareGroup('web')
? ['middleware' => 'web']
: [], function () {
require __DIR__ . '/../../routes/web.php';
if (config("app.env") === 'internaltesting') {
require __DIR__ . '/../../tests/routes/web.php';
}
});I don't understand the reason of this check as the VerifyCRSFmiddleware only applies to web
It looks like that replacing the previous code with the code below (removing the check) solves the issue.
app('router')->group(['middleware' => 'web'], function () {
require __DIR__ . '/../../routes/web.php';
if (config("app.env") === 'internaltesting') {
require __DIR__ . '/../../tests/routes/web.php';
}
});By the way, the Laravel documentation suggests to use
$this->loadRoutesFrom(__DIR__.'/../routes/web.php');
Expected Behavior
The XSRF-TOKEN should be attached to the response when calling the drip endpoint.
Actual Behavior
No cookies are attached to the drip response when route caching is enabled. This is due to the fact that the drip route is not linked with the ‘web’ middleware group which add the cookie via the VerifyCRSF middleware. I think this is caused by the way the route are added in the ServiceProvider which is not compatible with route caching. Desactivating route caching in production solves the issue
Environment
Stack Trace