You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Bolt treats any URI starting with bolt.backend_url string as restricted, even if not immediately followed by a slash.
Details
Question
Answer
Relevant Bolt Version
5.1.24
Install type
Composer install
PHP version
8.2
Reproduction
Steps to reproduce
Log out from the backend if logged in. Assuming your bolt.backend_url (as defined in config/services.yaml) is the default /bolt, try accessing an URI like /bolts-and-nuts.
Expected result
You should be served /bolts-and-nuts resource if it exists, or 404 if it doesn't.
Actual result
You're redirected to /bolt/login.
Fix
Paths ending with bolt.backend_url in access_control definitions of config/packages/security.yaml should include trailing slashes, e.g.:
Bolt treats any URI starting with
bolt.backend_urlstring as restricted, even if not immediately followed by a slash.Details
Reproduction
Steps to reproduce
Log out from the backend if logged in. Assuming your
bolt.backend_url(as defined inconfig/services.yaml) is the default/bolt, try accessing an URI like/bolts-and-nuts.Expected result
You should be served
/bolts-and-nutsresource if it exists, or 404 if it doesn't.Actual result
You're redirected to
/bolt/login.Fix
Paths ending with
bolt.backend_urlinaccess_controldefinitions ofconfig/packages/security.yamlshould include trailing slashes, e.g.:- { path: '^%bolt.backend_url%/', roles: IS_AUTHENTICATED_REMEMBERED }- { path: '^/(%app_locales%)%bolt.backend_url%/', roles: IS_AUTHENTICATED_REMEMBERED }The text was updated successfully, but these errors were encountered: