Mark a request as being stateful if a cookie for the session is provided at all
This accounts for poorly configured API clients that try to use cookies for authentication purposes. Treat everything with a session cookie as being a stateful request from the front-end.
parent
33bafe9277
commit
0fa33e0438
3 changed files with 61 additions and 4 deletions
|
@ -19,6 +19,7 @@ use Illuminate\Routing\Middleware\SubstituteBindings;
|
|||
use Illuminate\Session\Middleware\AuthenticateSession;
|
||||
use Illuminate\View\Middleware\ShareErrorsFromSession;
|
||||
use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
|
||||
use Pterodactyl\Http\Middleware\EnsureStatefulRequests;
|
||||
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
|
||||
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
|
||||
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
|
||||
|
@ -29,7 +30,6 @@ use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
|
|||
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
|
||||
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
|
||||
use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientBindings;
|
||||
use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
|
||||
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
|
||||
|
||||
class Kernel extends HttpKernel
|
||||
|
@ -66,7 +66,7 @@ class Kernel extends HttpKernel
|
|||
],
|
||||
'api' => [
|
||||
IsValidJson::class,
|
||||
EnsureFrontendRequestsAreStateful::class,
|
||||
EnsureStatefulRequests::class,
|
||||
'auth:sanctum',
|
||||
RequireTwoFactorAuthentication::class,
|
||||
AuthenticateIPAccess::class,
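Review bot: The `'api'` group entry `EnsureStatefulRequests::class` appears to take the place of Sanctum's `EnsureFrontendRequestsAreStateful::class`, and nothing at the entry says why the project-local class is needed, so a later cleanup could swap the stock middleware back in. I would add a comment above it such as `// Any request carrying the session cookie is treated as stateful (session + CSRF), not only requests from Sanctum's configured frontend domains.` The middleware's own file is not visible on this page, so that wording should be checked against its implementation. Since this widens which requests authenticate through the session, it is worth confirming with tests that a cookie-bearing, state-changing API request without a valid CSRF token is rejected, and that a bearer-token request without the cookie stays stateless. The hunk cuts through the enclosing middleware-group array, which starts and ends outside it.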
|
||||
|
|