Magento: frontend and admin routes conflict
Today I was working in a 3rd party module. Something very simple, an AJAX Add to Cart button. But, when I requested http://.../ajaxcart/cart/add
, I’ve got a 302 HTTP status, or, a redirect, to the same requested URL, but in secure mode (HTTPS).
After debugging, I could understand that the controller wasn’t being called, so I try to find a configuration problem. The Administration Panel was configured to be served on HTTPS (Configuration > General > Web > Secure > ???), and when I’ve removed this option, everything was working as expected.
Long story short, here is the problem:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<frontend>
<routers>
<ajaxcart>
<use>standard</use>
<args>
<module>Company_AjaxCart</module>
<frontname>ajaxcart</frontname>
</args>
</routename>
</routers>
</frontend>
<admin>
<routers>
<ajaxcart>
<use>admin</use>
<args>
<module>Company_AjaxCart</module>
<frontname>ajaxcart</frontname>
</args>
</routename>
</routers>
</admin>
Did you see that frontname
is the same both for frontend and admin? In this way, every time we call a URL with the pattern http://.../ajaxcart/*
, Magento replies you to redirect to secure mode. When using AJAX, we have to main problems with this:
- Developers don’t often worry about HTTP Status codes that aren’t 200;
- You have to configure the
Same-Origin Policy
, or you’ll getCORS
errors like this:
1
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://.../ajaxcart/cart/add/. This can be fixed by moving the resource to the same domain or enabling CORS.
TL;DR: On every module you develop for Magento which needs controllers in admin and frontend, pay attention and don’t use the same frontname
.
Bye.