Black screen in production + canAccessPanel not working
Hello everyone! I encountered a very strange bug in production.
When trying to log in to the panel via an authorized email, I get a black screen and 2 errors in the console related to livewire:
1) The script from "https://example.com/livewire/livewire.min.js?id=38dc8241" was loaded, although its MIME type ("text/html") is not valid for JavaScript.
2) Uncaught SyntaxError: expected expression, got '<'
The strangest thing is that I received these errors when I had @livewireStyles and @livewireScripts in the head and body of the site.
(I have the 'inject_assets' => true option enabled in the config).
The problem is also that anyone can log in via example.com/admin, although User.php has a normally implemented canAccessPanel method.
Code:
User.php:
use Filament\Models\Contracts\FilamentUser;
use Filament\Models\Contracts\HasName;
use Filament\Panel;
...
class User extends Authenticatable implements FilamentUser, HasName
{
use HasFactory, Notifiable, SoftDeletes;
protected $fillable = [
'id',
'bio',
'nickname',
'avatar',
'email',
'password',
'provider',
...
];
/**
* The attributes that should be hidden for serialization.
*
* @var list<string>
*/
protected $hidden = [
'password',
];
public function getFilamentName(): string
{
return $this->nickname ?? 'admin';
}
public function canAccessPanel(Panel $panel): bool
{
return $this->email === '[email protected]';
}
...
AdminPanelProvider:
return $panel
->default()
->favicon(asset('images/logo/favicon.png'))
->id('admin')
->path('admin')
->brandLogo(asset('images/logo/favicon.png'))
->brandLogoHeight('3rem')
->login()
}
...
P.S. I can't insert the whole code because of the limitation, but I can show everything else that is needed without any problems❤️
6 Replies
For the black screen its a bug in a latest livewire version, make sure to strict to the locked one in the filament instalation
For the admin panel access make sure that the app is on production mode so filament applys the check
Do not forgot to clear all the caches and optimize again
For the livewire console error this might be related to many possible issues:
- uncleared cache
- rebuilt the assets again
- you might be using a DNS manager like Cloudflare
Sometimes livewire issues can be fixed just by publishing the config & assets:
php artisan livewire:publish --assets
php artisan vendor:publish --tag=livewire:configHello, thank you for your reply. I clean the cache all the time, but it doesn't help. now I'll try to roll back the livewire version a bit. But I still don't really understand how it doesn't work in production, but everything is fine in the local environment.
it is a standard behavior that local mode doesn't apply many security check in order to give developers a free access
Updates were released to filament today to unlock the livewire version. Try upgrading to latest filament and rebuild any themes to see if that solves any issues. Latest version is v3.2.139
Hello everyone!
Thank you very much for your support❤️.
I rolled back the livewire version to 3.4. Rebuilt the entire project on production.
I wrote the command:
php artisan livewire:publish --assets
(also, according to the documentation, I wrote it in composer.json:
php artisan livewire:publish --assets).
Everything works fine now!
The errors from the console, etc. have disappeared.
But... there is only one problem with canAccessPanel.
The thing is that an unauthorized user can go to the login page
(both locally and in production)
Can you please tell me what this is connected with?
canAccessPanel has nothing to do with accessing the login pages
How you can authorize unsigned in user?