Livewire Update routes security....
If my understanding of livewire is correct...and it likely isn't, but anyway...a page poll or direct livewire update call (RequestPath: livewire/update), uses different routes from a regular request and can therefore bypass middleware. This can be avoided using persisted middleware settings within livewire.
Is Filament v3+ handling this already, particularly for single pages? Or is there a risk that authentication middleware is being by passed by Livewire
1 Reply
You can see this by using Laravel Debugbar or Telescope and exactly what middlewears were run 😉
essentially any middlewares run to load a livewire page, they are applied to subscent livewire requests/ajax.