The middleware concepts page for Slim documentation is not exactly clear on the difference between before and after middleware.
On lines 5-9 it says that you can have middleware complete before and after the Slim application, and that before middleware would be useful to protect from cross-site request forgery.
Then on lines 73-81 it shows an example of two different middleware callables, one being $beforeMiddleware and the after being $afterMiddleware.
I think that this gives off the impression that the $beforeMiddleware callable is the same type of middleware that is described as middleware that would execute before the Slim application runs. The $beforeMiddleware callable is actually an "after middleware" though, because the first thing it does in the callable is handle the request.
I know that the behavior of the middleware is defined in PSR-15 but it may be good to clarify how to perform middleware logic before the application runs and how to perform middleware logic after the application runs. An example of a middleware that short-circuits the middleware flow and returns a response without calling $handler->handle() may be good to have as well.
I think you are right. The $beforeMiddleware is actually an outgoing middleware because it handles things after the handle method. I agree, it is confusing and should be changed as follows:
$beforeMiddleware = function (Request $request, RequestHandler $handler) {
    $authorization = $request->getHeaderLine('Authorization');

    // Validate bearer token
    // If invalid, throw a HttpForbiddenException
    // ...

    return $handler->handle($request);
};
or this:
$beforeMiddleware = function (Request $request, RequestHandler $handler) {
    $csrfToken = $request->getHeaderLine('X-CSRF-Token');

    // Validate CSRF token
    // If invalid, throw a HttpForbiddenException
    // ...

    return $handler->handle($request);
};
odan added a commit to odan/Slim-Website that referenced this issue on Jul 9, 2024
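The three cases discussed in this issue (logic before the handler, logic after it, and a short-circuit that returns without calling $handler->handle()), as an added example that is not part of the issue or the Slim documentation. It assumes slim/slim 4 and slim/psr7 are installed via Composer; EXPECTED_TOKEN, $csrfGuard, $addHeader and the /transfer route are hypothetical names, and the token is a constructed value standing in for one read from the session.

```php
<?php
// Added example (not from the Slim docs). Assumes: composer require slim/slim slim/psr7
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Slim\Factory\AppFactory;
use Slim\Psr7\Factory\ServerRequestFactory;
use Slim\Psr7\Response;

require __DIR__ . '/vendor/autoload.php';

// Constructed value; a real application reads the expected token from the session.
const EXPECTED_TOKEN = 'constructed-demo-token';

$app = AppFactory::create();

// "Before" logic: everything here runs ahead of $handler->handle().
$csrfGuard = function (Request $request, RequestHandler $handler) {
    $sent = $request->getHeaderLine('X-CSRF-Token');
    if (!hash_equals(EXPECTED_TOKEN, $sent)) { // constant-time comparison
        $response = new Response(403);
        $response->getBody()->write('Invalid CSRF token');
        return $response; // short-circuit: inner middleware and the route never run
    }
    return $handler->handle($request);
};

// "After" logic: everything here runs once handle() has produced a response.
$addHeader = function (Request $request, RequestHandler $handler) {
    $response = $handler->handle($request);
    return $response->withHeader('X-Content-Type-Options', 'nosniff');
};

$app->add($csrfGuard);
$app->add($addHeader); // added last = outermost layer, so it also wraps the 403

$app->post('/transfer', function (Request $request, $response) {
    $response->getBody()->write('Transfer accepted');
    return $response;
});

// Drive the app in-process with two constructed requests: valid token, then invalid.
$factory = new ServerRequestFactory();
foreach ([EXPECTED_TOKEN, 'wrong-token'] as $token) {
    $request = $factory->createServerRequest('POST', '/transfer')
        ->withHeader('X-CSRF-Token', $token);
    $response = $app->handle($request);
    printf("%d %s [nosniff: %s]\n", $response->getStatusCode(), $response->getBody(),
        $response->getHeaderLine('X-Content-Type-Options') ?: 'absent');
}
```

Swapping the two `$app->add()` calls makes the CSRF guard the outermost layer, in which case a rejected request returns before the header middleware is ever entered.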