🐛 Does not redirect ot login if url start by /bolt...

macintoshplus · macintoshplus · commit dbde662e7079 · 2025-07-07T10:46:24.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,10 @@
 Changelog
 =========
 
+## 5.2.3
+
+- Fix any URI starting with bolt.backend_url is treated as restricted (macintoshplus, [#3504](https://github.com/bolt/core/issues/3504)
+
 ## 5.2.2
 
 Released: 2025-03-10
diff --git a/UPGRADE-5.2.md b/UPGRADE-5.2.md
@@ -0,0 +1,14 @@
+# Upgrade to 5.2.3
+
+In file `config/packages/security.yaml` replace
+
+```yaml
+            - { path: '^%bolt.backend_url%', roles: IS_AUTHENTICATED_REMEMBERED }
+            - { path: '^/(%app_locales%)%bolt.backend_url%', roles: IS_AUTHENTICATED_REMEMBERED }
+```
+
+By
+```yaml
+            - { path: '^%bolt.backend_url%($|/)', roles: IS_AUTHENTICATED_REMEMBERED }
+            - { path: '^/(%app_locales%)%bolt.backend_url%($|/)', roles: IS_AUTHENTICATED_REMEMBERED }
+```
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -58,5 +58,5 @@ security:
         - { path: '^/(%app_locales%)%bolt.backend_url%/api', roles: ADMIN_API_ACCESS } # handled by voter
         - { path: '^%bolt.backend_url%/_trans', roles: ADMIN_TRANSLATE_ACCESS } # handled by voter
         - { path: '^/(%app_locales%)%bolt.backend_url%/_trans', roles: ADMIN_TRANSLATE_ACCESS } # handled by voter
-        - { path: '^%bolt.backend_url%', roles: IS_AUTHENTICATED_REMEMBERED }
-        - { path: '^/(%app_locales%)%bolt.backend_url%', roles: IS_AUTHENTICATED_REMEMBERED }
+        - { path: '^%bolt.backend_url%($|/)', roles: IS_AUTHENTICATED_REMEMBERED }
+        - { path: '^/(%app_locales%)%bolt.backend_url%($|/)', roles: IS_AUTHENTICATED_REMEMBERED }
