Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Weird wildcard route behaviour when specifying methods

See original GitHub issue

Hi,

while working on a new personal project, I’ve noticed a strange behaviour for wildcard routes:

I’ve configured the following route:

{
    "routes": [
        {
            "route": "/api/*",
            "methods": [
                "PUT",
                "POST",
                "DELETE"
            ],
            "allowedRoles": [
                "admin"
            ]
        }
    ]
}

In addition, in the project I have the following C# API:

  • GET /api/books (gets all books in Database)
  • GET /api/books/{id} (gets the book with {id} from the db)
  • POST, PUT and DELETE for the books are only mocked via proxies.json

The behaviour I’d expect from my understanding is that the GET requests should be available to all users, while POST, PUT and DELETE should require a logged in user with the admin role.

However, when activating this route, I get a 403 error for all methods when I’m unauthenticated. Once i remove the route again, every method returns their backend success code.

I’m testing on Windows with azure/static-web-apps-cli@0.3.0.

Am I missing something or is there a better way to imlement such a authentication requirement?

I’d appreciate any help!

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:2
  • Comments:7 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
anthonychucommented, Jun 2, 2021

This should be fixed with #208 and released in v0.5.0.

@manekinekko While the rule now blocks requests correctly, it seems to return the wrong HTTP status code (returns 404 when not authenticated/authorized, instead of 401 or 403).

Repro: https://github.com/anthonychu/20210601-swa-cli-issue-190

swa start --api api

If you click the button and look at the browser dev tools, you’ll see the POST request returns 404 instead of 401.

1reaction
miwebstcommented, May 4, 2021

@manekinekko I think this is a bug in the swa cli, can you take a look?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Is there a way to catch all non-matched routes with Backbone?
Depending on routes enumerating in any particular order is just asking for it. The only way to be sure is to use route()...
Read more >
Non-wildcard routes that share a prefix with a ... - GitHub
Non-wildcard routes that share a prefix with a wildcard route should take priority over the wildcard route #73.
Read more >
Different approaches to HTTP routing in Go - Ben Hoyt
Each router should handle the specified method ( GET or POST ) and reject the others with a 405 Method Not Allowed response....
Read more >
Skipper Predicates - Zalando Open Source
Example route with a Host, Method and Path match predicates and a backend: ... The simple wildcards behave similar to the Path predicate....
Read more >
Using wildcards in commands with zsh - Super User
There are many ways to bypass this behavior, here are some of them: ... By setting an alias in .zshrc for example: alias...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Static Web App with Blazor and AUTH config in staticwebapp.config.json without effect on SWA CLI

Next page

404 pages will not be displayed with fallback routes in config