I have a setup where I rewrite /* to /pro/:splat for pro users and /* to /free/:splat if the first rule was not applied. If I only have the second (free) rule everything works, but if I add the first rule then /index.html returns 404 in dev and dev --live (works on production).
These are the rules:
[[redirects]]
from = "/*"
to = "/pro/:splat"
status = 200
conditions = {Role = ["pro"]}
[[redirects]]
from = "/*"
to = "/free/:splat"
status = 200
If I remove the first rule I get 200 on index.html; if I keep it I get 404. My guess is that for some reason role-based rewrites in dev mode are executed even if the page exists.
Does this work in production? From what I know, RBAC is not supposed to have a to value. Plus, if you redirect everything, won’t it also affect the CSS/JS files, images, etc?
But how’s that secure? Rather, you’d specifically want to rewrite when the file exists as you want the content to be available behind the gate. The docs specifically ask you to force the rules.
Yes, I was going to come to that later and a workaround to use it regardless (which is possibly only available for Business and above plans). But at the initial stages, I still feel what @nekdolan has is an incorrect configuration and thus, I was trying to get that cleared out.
I’m not sure why it wouldn’t be secure. I have a rule that forces away from /pro to /:splat (302). Are you saying that there is a way to reach pro content if I use a rewrite as opposed to a redirect?
This site has been statically generated via gulp with relative urls and the client wanted to have free and pro content preferably using the same urls. Not sure how else this could be possible. Using Ajax was not really feasible.
I understand that the docs suggest using a redirect, but this as is works and it is really useful for the project at the moment. @hrishikesh Should I assume that this feature will break in production in the near future?
@coelmay we noticed some infinite loops in production, but we couldn’t reproduce it recently.
Sure but as far as I remember the bug is caused by the rewrite
[build]
publish = "dist"
functions = "functions"
[dev]
publish = "dist"
functions = "functions"
[functions]
node_bundler = "esbuild"
[[redirects]]
from = "/pro/*"
to = "/:splat"
force = true
status = 302
[[redirects]]
from = "/free/*"
to = "/:splat"
force = true
status = 302
[[redirects]]
from = "/*"
to = "/pro/:splat"
status = 200
conditions = {Role = ["pro"]}
[[redirects]]
from = "/*"
to = "/free/:splat"
status = 200
I agree that if I didn’t have the redirect it would be insecure. Thanks for the heads up.
About your Role-based redirects, the setup looks really weird. That’s not how these redirects are supposed to be set up. You need to do the following:
[[redirects]]
force = true
from = "/pro/*"
status = 200
[redirects.conditions]
Role = ["pro"]
[[redirects]]
force = true
from = "/pro/*"
status = 302
to = "/"
It’s just TOML syntax. Both the configurations mean the same thing (just like the previous JavaScript thread in which we talked about return {body} instead of return {body: body}).
So, in the above case, you could write:
[[redirects]]
# other stuff
[redirects.conditions]
Role = ["pro"]
Language = ["en","es"]
# OR
[[redirects]]
# other stuff
headers = {} # this syntax would be complicated for headers
###
# Works even for other stuff:
[build]
[build.environment]
# the above is similar to:
[build]
environment = {}