Horizon: Authentication HttpException with No message

Created on 6 Nov 2017  路  3Comments  路  Source: laravel/horizon

Getting an HttpException, when trying to authentication horizon dashboard based on user permission but getting an HttpException with no message.

So, the code is something like this where we have an isAdmin() method in the User model. 

Horizon::auth(function ($request) {
    return $request->user() && $request->user()->isAdmin();
});

also

Horizon::auth(function ($request) {
    return Auth::check() && Auth::user()->isAdmin();
});

even explicitly returning false also throw this exception.

picture meathanjay

Most helpful comment

Wouldn't it make more sense to actually call a 403 view or similar?

Dropping a huge stackdump on /horizon for unauthenticated users pretty much enables you to guess that horizon is used.

picture f0o on 10 Nov 2017
👍4

All 3 comments

yes a 404 is sent so that people won't be able to guess if you're using horizon or not.

themsaid picture themsaid on 6 Nov 2017

Wouldn't it make more sense to actually call a 403 view or similar?

Dropping a huge stackdump on /horizon for unauthenticated users pretty much enables you to guess that horizon is used.

f0o picture f0o on 10 Nov 2017
👍4

I'm agree with @f0o

Xationch picture Xationch on 14 Dec 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

pmartelletti picture pmartelletti  路  4Comments
etiennellipse picture etiennellipse  路  3Comments
dmitryuk picture dmitryuk  路  3Comments
mahdiahmadi73 picture mahdiahmadi73  路  3Comments
mikeminckler picture mikeminckler  路  3Comments