api.methodOverwrite config option and check

getkirby · Sep 12, 2024 · 2f9bd7a · 2f9bd7a
1 parent f724075
commit 2f9bd7a
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 2 deletions.
diff --git a/config/api/routes/system.php b/config/api/routes/system.php
@@ -31,6 +31,18 @@
 			];
 		}
 	],
+	[
+		'pattern' => 'system/method-test',
+		'method'  => 'PATCH',
+		'action'  => function () {
+			return [
+				'status' => match ($this->kirby()->request()->method()) {
+					'PATCH' => 'ok',
+					default => 'fail'
+				}
+			];
+		}
+	],
 	[
 		'pattern' => 'system/register',
 		'method'  => 'POST',

diff --git a/i18n/translations/en.json b/i18n/translations/en.json
@@ -629,6 +629,7 @@
 
 	"system.info.copy": "Copy info",
 	"system.info.copied": "System info copied",
+	"system.issues.api.methods": "Your server does not support PATCH requests",
 	"system.issues.content": "The content folder seems to be exposed",
 	"system.issues.eol.kirby": "Your installed Kirby version has reached end-of-life and will not receive further security updates",
 	"system.issues.eol.plugin": "Your installed version of the { plugin } plugin is has reached end-of-life and will not receive further security updates",

diff --git a/panel/src/api/index.js b/panel/src/api/index.js
@@ -23,7 +23,7 @@ export default (panel) => {
 	const api = {
 		csrf: panel.system.csrf,
 		endpoint: rtrim(panel.urls.api, "/"),
-		methodOverwrite: true,
+		methodOverwrite: panel.config.api?.methodOverwrite ?? false,
 		ping: null,
 		requests: [],
 		running: 0

diff --git a/panel/src/components/Views/System/SystemSecurity.vue b/panel/src/components/Views/System/SystemSecurity.vue
@@ -54,7 +54,7 @@ export default {
 		// call the check method on every URL in the `urls` object
 		const promises = Object.entries(this.urls).map(this.check);
 
-		await promiseAll(promises);
+		await promiseAll([...promises, this.testPatchRequests()]);
 
 		console.info(
 			`System health checks ended. ${
@@ -81,6 +81,22 @@ export default {
 		},
 		retry() {
 			this.$go(window.location.href);
+		},
+		/**
+		 * Checks if server supports PATH request or if
+		 * the `api.methodOverwrite` option needs to be activated
+		 */
+		async testPatchRequests() {
+			const { status } = await this.$api.patch("system/method-test");
+
+			if (status !== "ok") {
+				this.issues.push({
+					id: "method-overwrite-text",
+					text: this.$t("system.issues.api.methods"),
+					link: "https://getkirby.com/docs/reference/system/options/api#methods-overwrite",
+					icon: "protected"
+				});
+			}
 		}
 	}
 };

diff --git a/src/Panel/View.php b/src/Panel/View.php
@@ -275,6 +275,9 @@ public static function globals(): array
 
 		return [
 			'$config' => fn () => [
+				'api'         => [
+					'methodOverwrite' => $kirby->option('api.methodOverwrite', false)
+				],
 				'debug'       => $kirby->option('debug', false),
 				'kirbytext'   => $kirby->option('panel.kirbytext', true),
 				'translation' => $kirby->option('panel.language', 'en'),