knock-knock
knock-knock copied to clipboard
verbb
Unable to Make 'unprotectedUrls' Work as Expected
Question
I have a module controller that composes images from raw data using the Intervention image library. When the Knock Knock plugin is disabled, it works as expected, but not when enabled: Intervention can't read the image data.
Here's how I compose the images:
$url = 'https://mywebsite.dev/index.php?p=actions/mymodule/file/view?id=123&token=abc';
$contextOptions = [
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false
]
];
$context = stream_context_create($contextOptions);
$imageData = file_get_contents($url, false, $context);
$image = Image::make($imageData);
The script fails at the last line (Image::make).
It appears that my unprotected URLs are not working, as the images aren't readable when Knock Knock is enabled:
'unprotectedUrls' => [
'/mymodule/file/view/(.*)',
'/index.php?p=actions/mymodule/file/view(.*)',
App::env('INTERVENTION_BASE_URL') . '/(.*)'
],
Is there anything wrong here, or is it a Knock Knock bug?
Additional context
No response
So a thought I've had firstly is that action endpoints probably shouldn't be protected anyway, as they're pretty crucial to various workings of a site.
Changed for the next release. To get this early, run composer require verbb/knock-knock:"dev-craft-4 as 2.0.10".
