Closed Propaganistas closed 4 years ago
You're right, thanks for the detailed info. We'll fix this later today.
This has been fixed by moving the registration of the route to the RouteServiceProvider:
https://github.com/spatie/Mailcoach/commit/202432f6cf78ddba5dd37b9ba515419eb79f2dcf
You can make the change in your own application, as a composer update
won't have any effect on this part of the application
Hi
I think there's a problematic registration of the new v3 API routes:
1)
Route::mailcoachUi()
is called inweb.php
(https://github.com/spatie/Mailcoach/blob/cfeff72919cfc7cb030b665815882f4f7275d931/routes/web.php#L5)2) In
RouteServiceProvider
all routes inweb.php
are given theweb
middleware stack (https://github.com/spatie/Mailcoach/blob/cfeff72919cfc7cb030b665815882f4f7275d931/app/Providers/RouteServiceProvider.php#L46)3)
Route::mailcoach()
is called withinRoute::mailcoachUi()
(https://github.com/spatie/mailcoach-ui/blob/08a735166fb5c4feb7cad742eb86583e03033007/src/MailcoachUiServiceProvider.php#L106).This leads to the
web
middleware being applied to API routes as well. For example, all API routes now require a CSRF token.