Error in Log Viewer with Laravel 11.36.1: User Logged Out When Accessing URL

[HENRIQUELOBO]

I am encountering an issue with the Log Viewer in Laravel 11.36.1. Whenever I attempt to access the Log Viewer URL, the user is logged out and a message appears stating, "Request failed with status code 403: This action is unauthorized." Additionally, no log files are displayed.

Environment:
Laravel Version: 11.36.1

PHP Version: 8.3.14

Database: MySQL 8.0.23

Operating System: Ubuntu 20.04

[arukompas]

Hey @HENRIQUELOBO , please share your config/log-viewer.php configuration.

[HENRIQUELOBO]

Hi,

return [

/*
|--------------------------------------------------------------------------
| Log Viewer
|--------------------------------------------------------------------------
| Log Viewer can be disabled, so it's no longer accessible via browser.
|
*/

'enabled' => env('LOG_VIEWER_ENABLED', true),

'api_only' => env('LOG_VIEWER_API_ONLY', false),

'require_auth_in_production' => false,

/*
|--------------------------------------------------------------------------
| Log Viewer Domain
|--------------------------------------------------------------------------
| You may change the domain where Log Viewer should be active.
| If the domain is empty, all domains will be valid.
|
*/

'route_domain' => null,

/*
|--------------------------------------------------------------------------
| Log Viewer Route
|--------------------------------------------------------------------------
| Log Viewer will be available under this URL.
|
*/

'route_path' => 'log-viewer',

/*
|--------------------------------------------------------------------------
| Back to system URL
|--------------------------------------------------------------------------
| When set, displays a link to easily get back to this URL.
| Set to `null` to hide this link.
|
| Optional label to display for the above URL.
|
*/

'back_to_system_url' => config('app.url', null),

'back_to_system_label' => null, // Displayed by default: "Back to {{ app.name }}"

/*
|--------------------------------------------------------------------------
| Log Viewer time zone.
|--------------------------------------------------------------------------
| The time zone in which to display the times in the UI. Defaults to
| the application's timezone defined in config/app.php.
|
*/

'timezone' => null,

/*
|--------------------------------------------------------------------------
| Log Viewer route middleware.
|--------------------------------------------------------------------------
| Optional middleware to use when loading the initial Log Viewer page.
|
*/

'middleware' => [
    'web',
    \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class,
],

/*
|--------------------------------------------------------------------------
| Log Viewer API middleware.
|--------------------------------------------------------------------------
| Optional middleware to use on every API request. The same API is also
| used from within the Log Viewer user interface.
|
*/

'api_middleware' => [
    \Opcodes\LogViewer\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
    \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class,
],

'api_stateful_domains' => env('LOG_VIEWER_API_STATEFUL_DOMAINS') ? explode(',', env('LOG_VIEWER_API_STATEFUL_DOMAINS')) : null,

/*
|--------------------------------------------------------------------------
| Log Viewer Remote hosts.
|--------------------------------------------------------------------------
| Log Viewer supports viewing Laravel logs from remote hosts. They must
| be running Log Viewer as well. Below you can define the hosts you
| would like to show in this Log Viewer instance.
|
*/

'hosts' => [
    'local' => [
        'name' => ucfirst(env('APP_ENV', 'local')),
    ],

    // 'staging' => [
    //     'name' => 'Staging',
    //     'host' => 'https://staging.example.com/log-viewer',
    //     'auth' => [      // Example of HTTP Basic auth
    //         'username' => 'username',
    //         'password' => 'password',
    //     ],
    //     'verify_server_certificate' => true,
    // ],
    //
    // 'production' => [
    //     'name' => 'Production',
    //     'host' => 'https://example.com/log-viewer',
    //     'auth' => [      // Example of Bearer token auth
    //         'token' => env('LOG_VIEWER_PRODUCTION_TOKEN'),
    //     ],
    //     'headers' => [
    //         'X-Foo' => 'Bar',
    //     ],
    //     'verify_server_certificate' => true,
    // ],
],

/*
|--------------------------------------------------------------------------
| Include file patterns
|--------------------------------------------------------------------------
|
*/

'include_files' => [
    '*.log',
    '**/*.log',

    // You can include paths to other log types as well, such as apache, nginx, and more.
    '/var/log/httpd/*',
    '/var/log/nginx/*',

    // MacOS Apple Silicon logs
    '/opt/homebrew/var/log/nginx/*',
    '/opt/homebrew/var/log/httpd/*',
    '/opt/homebrew/var/log/php-fpm.log',
    '/opt/homebrew/var/log/postgres*log',
    '/opt/homebrew/var/log/redis*log',
    '/opt/homebrew/var/log/supervisor*log',

    // '/absolute/paths/supported',
],

/*
|--------------------------------------------------------------------------
| Exclude file patterns.
|--------------------------------------------------------------------------
| This will take precedence over included files.
|
*/

'exclude_files' => [
    // 'my_secret.log'
],

/*
|--------------------------------------------------------------------------
| Hide unknown files.
|--------------------------------------------------------------------------
| The include/exclude options above might catch files which are not
| logs supported by Log Viewer. In that case, you can hide them
| from the UI and API calls by setting this to true.
|
*/

'hide_unknown_files' => true,

/*
|--------------------------------------------------------------------------
|  Shorter stack trace filters.
|--------------------------------------------------------------------------
| Lines containing any of these strings will be excluded from the full log.
| This setting is only active when the function is enabled via the user interface.
|
*/

'shorter_stack_trace_excludes' => [
    '/vendor/symfony/',
    '/vendor/laravel/framework/',
    '/vendor/barryvdh/laravel-debugbar/',
],

/*
|--------------------------------------------------------------------------
| Cache driver
|--------------------------------------------------------------------------
| Cache driver to use for storing the log indices. Indices are used to speed up
| log navigation. Defaults to your application's default cache driver.
|
*/

'cache_driver' => env('LOG_VIEWER_CACHE_DRIVER', null),

/*
|--------------------------------------------------------------------------
| Cache key prefix
|--------------------------------------------------------------------------
| Log Viewer prefixes all the cache keys created with this value. If for
| some reason you would like to change this prefix, you can do so here.
| The format of Log Viewer cache keys is:
| {prefix}:{version}:{rest-of-the-key}
|
*/

'cache_key_prefix' => 'lv',

/*
|--------------------------------------------------------------------------
| Chunk size when scanning log files lazily
|--------------------------------------------------------------------------
| The size in MB of files to scan before updating the progress bar when searching across all files.
|
*/

'lazy_scan_chunk_size_in_mb' => 50,

'strip_extracted_context' => true,

];

"In Laravel 10, it was working perfectly. Today, I updated to Laravel 11, and this error started to appear."

[gwillyoo]

Hello @HENRIQUELOBO , from what i see, it is 403, the action is unauthorized.
Have you tried this : https://log-viewer.opcodes.io/docs/3.x/configuration/access-to-log-viewer#authorizing-users ?

[arukompas]

Where do you have the authorization gate defined, and is that service provider added to the Laravel 11 providers config?

[HENRIQUELOBO]

Hello, I use Gate in app/Providers/AuthServiceProvider.php and as I mentioned in Laravel 10 it worked perfectly, I used it for several years. After I updated, I got an unauthorized error, and even setting

Gate::define('viewLogViewer', function (?User $user) {
return true;
});

when accessing the URL and viewing the log, when returning to the application the user is logged out.

[arukompas]

Sounds like something session related. Something is resetting the session (and thus the user no longer being logged in).

Was there no other changes since then? Do you interact with sessions in any way? Is the Log Viewer on the same domain as the main app? Is the app behind a load-balancer?

[HENRIQUELOBO]

There were no changes; the Log Viewer is on the same domain. The only change was the update to Laravel 11. In Laravel 10, it was working perfectly as configured.

[xxdalexx]

@HENRIQUELOBO I solved this with the help from #362 (comment)

You need to set the api_stateful_domains as an array in the config, or a comma separated list in the .env with a key of LOG_VIEWER_API_STATEFUL_DOMAINS

@arukompas What's happening with a default install in laravel 11, the user is found from the session when using the viewLogViewer gate on the initial page load, but the subsequent api calls don't have anything to identify the logged in user, and null gets passed to the gate closure instead of a user object.