作者:手机用户2502905937_275 | 来源:互联网 | 2023-09-08 12:15
Fixes #1941, #1905
Part of #1891
Changes proposed in this pull request:
- Add an addCsrfExemptRoute method to the Middleware extender
- Improve Middleware processing system to support this
As per https://github.com/flarum/core/issues/1941#issuecomment-586217862, CSRF exemption is likely to be one of the most common use cases of the middleware extender. As such, considering that there isn't a lot of complexity, it might be easier to implement on our end instead of forcing everyone to override the CheckCsrfToken middleware.
TODO:
- Add integration tests for this (will be done after /core decides which extender this should be a part of).
Reviewers should focus on:
1. Should this be a separate extender? I thought that since it affects middleware, and we already have lots of extenders planned, it would be best to have it as a part of the middleware extender
2. Is the mechanism for providing the exempt paths to the CheckCsrfToken middleware the best approach possible? I modeled this largely off of the Routes extender
3. Code style?
4. Is the mechanism for matching paths to exempt routes what we want? (currently done via wildcards).
Confirmed
- [x] Backend changes: tests are green (run
).
- [x] Backend manual testing
该提问来源于开源项目:flarum/core
Closing in favor of https://github.com/flarum/core/pull/2095