freekmurze
commented
4 years ago You're right, thanks for the detailed info. We'll fix this later today.
Closed Propaganistas closed 4 years ago
freekmurze
commented
4 years ago You're right, thanks for the detailed info. We'll fix this later today.
riasvdv
commented
4 years ago This has been fixed by moving the registration of the route to the RouteServiceProvider:
https://github.com/spatie/Mailcoach/commit/202432f6cf78ddba5dd37b9ba515419eb79f2dcf
You can make the change in your own application, as a composer update won't have any effect on this part of the application
Hi
I think there's a problematic registration of the new v3 API routes:
1)
Route::mailcoachUi()is called inweb.php(https://github.com/spatie/Mailcoach/blob/cfeff72919cfc7cb030b665815882f4f7275d931/routes/web.php#L5)2) In
RouteServiceProviderall routes inweb.phpare given thewebmiddleware stack (https://github.com/spatie/Mailcoach/blob/cfeff72919cfc7cb030b665815882f4f7275d931/app/Providers/RouteServiceProvider.php#L46)3)
Route::mailcoach()is called withinRoute::mailcoachUi()(https://github.com/spatie/mailcoach-ui/blob/08a735166fb5c4feb7cad742eb86583e03033007/src/MailcoachUiServiceProvider.php#L106).This leads to the
webmiddleware being applied to API routes as well. For example, all API routes now require a CSRF token.