Support Auto-Discovery

[Omranic]

https://medium.com/@taylorotwell/package-auto-discovery-in-laravel-5-5-ea9e3ab20518

[dusterio]

Hmm, isn't this a bit dangerous? It will add extra routes automatically - without explicit consent from the user? I understand auto discovery may be good for some packages that don't add/change anything important but maybe in this case - developers should add this provider manually?

[Omranic]

@dusterio what about a config option for routes registration on/off?

[dusterio]

@Omranic more details please? what option exactly?

[Omranic]

Example:

• Config option: https://github.com/rinvex/pages/blob/master/config/config.php#L19-L20
• Dynamic loading: https://github.com/rinvex/pages/blob/master/src/Providers/PagesServiceProvider.php#L53-L64

[Jono20201]

@dusterio Do you have any more thoughts on this? Using the auto-discovery widely adopted within the Laravel community and saves time when installing packages.

[jwpage]

I got confused as to why the routes weren't being added because I was specifically expecting auto-discovery to work here. It's the norm for modern Laravel packages these days.

Can we revisit this?

[dusterio]

@jwpage the rationale is that this could potentially be a security (informational) risk - automagically adding routes that allow anybody to execute code on your instances. it feels reasonable that these routes should be enabled explicitly on worker instances. but it's open for discussion :)

[fylzero]

Closing this out as it certainly could pose a security risk for existing installations that have removed the service provider but not the package. This can eventually be considered in a new release version.