Magento 2 – Allow Only POST Method for Frontend Route

http-requestmagento-2.2.5magento2post-datarouting

I'm using magento 2.2.5 and created a frontend route like this:

<?xml version="1.0"?> 
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:App/etc/routes.xsd">
    <router id="standard">
        <route id="spin" frontName="spin">
            <module name="Neverending_Story" />
        </route>
    </router>
</config>

How can i allow only POST method request that can access this route ??

Best Answer

Magento request object has a function

$this->getRequest()->getMethod() which provide the request method name on request object. So using this getMethod(),you can prevent your route from all other request accept POST..

Create an observer on event

controller_action_predispatch_spin

And on that observer if you will found that the request method $observer->getEvent()->getRequest()->getMethod() ,then dis-allow the all pages of this routes <route id="spin" frontName="spin">

Call observer from events.xml

<?xml version="1.0" ?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Event/etc/events.xsd">
     <event name="controller_action_predispatch_spin">
        <observer instance="StackExchange\Magento\Observer\Frontend\CheckAndPrevent" 
                  name="prevent_all_method"/>
    </event>
</config>

Observer code:

<?php


namespace StackExchange\Magento\Observer\Frontend;


class CheckAndPrevent implements \Magento\Framework\Event\ObserverInterface
{



    public function execute(\Magento\Framework\Event\Observer $observer)
    {
       //$eventParameters = ['controller_action' => $this, 'request' => $request];
        $request = $observer->getEvent()->getRequest();
        $requestMethod = strtolower($request->getMethod());

        if($requestMethod !== 'put'){

           // echo $requestMethod;
            // Throw an exception for prevent the accesss
            throw new \Exception("Cannot access."); 


        }

    }

}

Related Solutions

Magento 1 Admin and Frontend Route Disabling Guide

I don't think there is a way to do this without removing the routers tag from the config.xml or adding some observers on the predispatch event that will redirect you to a 404 page.
But I may be wrong. In case I'm wrong here is a place to start.
The routers section of the config.xml files is parsed in Mage_Core_Controller_Varien_Router_Standard::collectRoutes.
From what I saw in there, there is no check for a disabled flag or something like that.
There might be a chance if the the module does not use the admin path for backend pages.
So if the router is not declared like this:

    <routers>
        <adminhtml>
            <args>
                <modules>
                    <Module_Name before="Mage_Adminhtml">Module_Name_Adminhtml</Module_Name>
                </modules>
            </args>
        </adminhtml>
    </routers>

but uses the other way of declaring routers:

    <routers>
        <module_name>
            <use>admin</use>
            <args>
                <module>Module_Name</module>
                <frontName>route_name</frontName>
            </args>
        </module_name>
    </routers>

You can create a module and just change the <use> tag value to something that's not admin or standard.

So your new module that depends on the original one can have the routers section like this:

<routers>
    <module_name>
        <use>go-away</use>
    </module_name>
</routers>

Why I thing it could work? because in the method mentioned above the only if with no else that could return false is if ($use == $useRouterName).
This is just an assumption. I haven't tested it. I don't have any extensions that use this type of routers for backend.

Magento 2 – How to Rewrite TierPrice Block

Suppose package:Learning and module: Custom

Module.xml looks like

<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../lib/internal/Magento/Framework/Module/etc/module.xsd">
    <module name="Learning_Custom" setup_version="2.0.0">
        <sequence>
            <module name="Magento_Catalog"/>
        </sequence>
    </module>
</config>

And then create a layout xml following path -> app/code/Learning/Custom/view/frontend/layout/catalog_product_prices.xml

<layout xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../../../lib/internal/Magento/Framework/View/Layout/etc/layout_generic.xsd">
    <referenceBlock name="render.product.prices">
        <arguments>
            <argument name="default" xsi:type="array">
                <item name="prices" xsi:type="array">
                    <item name="tier_price" xsi:type="array">
                        <item name="render_template" xsi:type="string">Learning_Custom::product/price/tier_prices.phtml
                    </item>
                </item>
            </argument>
        </arguments>
    </referenceBlock>
</layout>

Create template inside your module or copy base template file inside your module path should be -> app/code/Learning/Custom/view/frontend/templates/product/price/tier_prices.phtml

Best Answer

Related Solutions

Magento 1 Admin and Frontend Route Disabling Guide

Magento 2 – How to Rewrite TierPrice Block

Related Topic