IgnoreForWireExtender doesn't disable CSRF check on wire-extender's http requests.

[chatisk]

New PR merged #38 doesn't recognize the request of wire-extender as of wire-extender's and throws 419 http response when embedding a component.

Specifically, the error lies in the isLivewireUpdateRequest. It returns false either by a request from inside the app, or outside the app (embedding a component into another site).

Downgraded it back to 1.0.0 and works ok. But the point of @dbpolito still stands. The trait is disabling all CSRF token checks for all requests.

[JoeyXitres]

We have the same problem, for now we locked on 1.0.0

[dbpolito]

Can you guys give more information? Wondering why this is happening there... It doesn't seem the case here...

Maybe it's failing on the embed request? But here it doesn't send any cookie so it doesn't even check for csrf.

Can you share the request object or the values used there? https://github.com/wire-elements/wire-extender/blob/main/src/Http/Middlewares/IgnoreForWireExtender.php#L43-L46

To understand why this is returning false?

[chatisk]

Can you guys give more information? Wondering why this is happening there... It doesn't seem the case here...

Maybe it's failing on the embed request? But here it doesn't send any cookie so it doesn't even check for csrf.

Can you share the request object or the values used there? https://github.com/wire-elements/wire-extender/blob/main/src/Http/Middlewares/IgnoreForWireExtender.php#L43-L46

To understand why this is returning false?

I am going to post some screenshots of my logs from Ray

[christianhanne]

Same problem here. Seems like the custom headers are missing in the initial embed request. Also there is no snapshot in the initial request, which results in a 500er error, when I comment out the first if statement in the middleware.

[MasterZydra]

I have the same issue. My solution for now is also to use v1.0.0.

I think the issue is that parent::handle() is now called if ! $this->isLivewireUpdateRequest($request) in v1.0.1 while it was not called in v1.0.0

d7ca599#diff-419f5970a486c8dbd8db66010b9ffaac5493e6a285af93e801f85bbe75dc9568