diff --git a/src/MicroweberPackages/User/routes/api.php b/src/MicroweberPackages/User/routes/api.php
index db0002bfab5..a2d5cc4c13a 100644
--- a/src/MicroweberPackages/User/routes/api.php
+++ b/src/MicroweberPackages/User/routes/api.php
@@ -86,7 +86,15 @@
 return delete_user($input);
 })->middleware(['api']);
-Route::name('api.user.')->prefix('api/user')->middleware(['public.api'])->namespace('\MicroweberPackages\User\Http\Controllers')->group(function () {
+Route::name('api.user.')
+ ->prefix('api/user')
+ ->middleware([
+ 'public.api',
+ // \MicroweberPackages\App\Http\Middleware\VerifyCsrfToken::class,
+ \MicroweberPackages\App\Http\Middleware\XSS::class
+ ])
+ ->namespace('\MicroweberPackages\User\Http\Controllers')
+ ->group(function () {
 Route::post('login', 'UserLoginController@login')->name('login')->middleware(['allowed_ips','throttle:60,1']);
 Route::any('logout', 'UserLoginController@logout')->name('logout');
@@ -101,7 +109,11 @@
 Route::name('api.')
 ->prefix('api')
- ->middleware(['api'])
+ ->middleware([
+ 'api',
+ // \MicroweberPackages\App\Http\Middleware\VerifyCsrfToken::class,
+ \MicroweberPackages\App\Http\Middleware\XSS::class
+ ])
 ->namespace('\MicroweberPackages\User\Http\Controllers\Api')
 ->group(function () {
 Route::apiResource('user', 'UserApiController');
diff --git a/src/MicroweberPackages/User/routes/web.php b/src/MicroweberPackages/User/routes/web.php
index 05d7c575038..c70d9b54c57 100644
--- a/src/MicroweberPackages/User/routes/web.php
+++ b/src/MicroweberPackages/User/routes/web.php
@@ -17,7 +17,11 @@
 Route::name('admin.')
 ->prefix('admin')
- ->middleware(['admin'])
+ ->middleware([
+ 'admin',
+ // \MicroweberPackages\App\Http\Middleware\VerifyCsrfToken::class,
+ \MicroweberPackages\App\Http\Middleware\XSS::class
+ ])
 ->namespace('\MicroweberPackages\User\Http\Controllers\Admin')
 ->group(function () {
 Route::resource('user', 'UserController');
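Review bot: The `VerifyCsrfToken` entry is added as a commented-out line in this middleware array, so the `api/user` group, which holds `login` and `Route::any('logout', ...)`, is changed without CSRF verification being switched on, and the comment gives no reason. The same commented line appears in the `api` group in the next hunk and in the `admin` group in web.php. Whether `public.api`, `api` or `admin` already verify a token is not visible in this diff; if they do, delete the line, and if they do not, enable it or replace it with a comment that records why it is off, e.g. `// TODO: enable VerifyCsrfToken, see <tracking reference>`. The group closure continues past the end of the hunk.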
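Review bot: Putting `XSS::class` on the whole `api` group means every field posted to `Route::apiResource('user', ...)` passes through it, and if that middleware rewrites request input (its code is not part of this diff) it would also change fields that have to stay byte-exact, such as passwords. The `login` route in the `api/user` group of the previous hunk is in the same position, where a password containing `<` or `&` could be compared in altered form. Consider exempting credential fields inside the middleware, and add a comment on the array entry such as `// input filter only; output still has to be encoded where it is rendered`. The group closure continues past the end of the hunk.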
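Review bot: The last element of the new multi-line array, `\MicroweberPackages\App\Http\Middleware\XSS::class`, has no trailing comma, and the fully qualified class name is now repeated in three route groups (here and twice in api.php). Writing `\MicroweberPackages\App\Http\Middleware\XSS::class,` keeps a later middleware addition to a one-line diff, which makes changes to this security-relevant list easier to review. A `use` import at the top of each routes file would shorten the entries, assuming no other `XSS` symbol is in scope there.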