Magento: frontend and admin routes conflict

English
, , ,

Today I was working in a 3rd party module. Something very simple, an AJAX Add to Cart button. But, when I requested http://.../ajaxcart/cart/add, I’ve got a 302 HTTP status, or, a redirect, to the same requested URL, but in secure mode (HTTPS).

After debugging, I could understand that the controller wasn’t being called, so I try to find a configuration problem. The Administration Panel was configured to be served on HTTPS (Configuration > General > Web > Secure > ???), and when I’ve removed this option, everything was working as expected.

Long story short, here is the problem:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<frontend>
    <routers>
        <ajaxcart>
            <use>standard</use>
            <args>
                <module>Company_AjaxCart</module>
                <frontname>ajaxcart</frontname>
            </args>
        </routename>
    </routers>
</frontend>
<admin>
    <routers>
        <ajaxcart>
            <use>admin</use>
            <args>
                <module>Company_AjaxCart</module>
                <frontname>ajaxcart</frontname>
            </args>
        </routename>
    </routers>
</admin>

Did you see that frontname is the same both for frontend and admin? In this way, every time we call a URL with the pattern http://.../ajaxcart/*, Magento replies you to redirect to secure mode. When using AJAX, we have to main problems with this:

  1. Developers don’t often worry about HTTP Status codes that aren’t 200;
  2. You have to configure the Same-Origin Policy, or you’ll get CORS errors like this:
1
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://.../ajaxcart/cart/add/. This can be fixed by moving the resource to the same domain or enabling CORS.

TL;DR: On every module you develop for Magento which needs controllers in admin and frontend, pay attention and don’t use the same frontname.

Bye.