spartacus-storefront

Is there a way we can disable protected routes in Spartacus while accessing through SmartEdit?


Is there a way we can disable protected routes (showing the login page if not logged in) in Spartacus while accessing through SmartEdit?


Solution

  • It’s not supported by default in Spartacus. But you might try writing a customization for it.

    Caveats

    You should first analyze all consequences and model the security threats related to your requirement, then consider if you accept them e.g.:

    • some feature pages (e.g. CPQ configurator) don’t work properly unless the user is logged in
    • you might open a security hole (e.g. a malicious user might possibly simulate/pretend he’s in the SmartEdit context, and he will be able to open your storefront’s pages which are restricted to logged-in users only)

    Hints for writing a customization

    You will need to overwrite the method ProtectedRoutesGuard.canActivate() to always return true when you’re in the SmartEdit context.

    And to check if you’re in the smart edit context, you might want to use the method SmartEditLauncherService.isLaunchedInSmartEdit()
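
The decision logic hinted at above, as an added example that is not part of the original answer or of Spartacus itself. It goes one step beyond the hint by keeping the login requirement for a list of routes and by failing closed if the SmartEdit check throws. Assumptions: `SmartEditLauncher` and `RouteGuard` are simplified local stand-ins for SmartEditLauncherService and ProtectedRoutesGuard, and `SmartEditAwareGuard`, `decide`, and the route names are hypothetical.

```typescript
// Local stand-ins for the Spartacus classes named in the answer (assumption:
// simplified signatures; the real guard is an Angular guard, not a boolean function).
interface SmartEditLauncher { isLaunchedInSmartEdit(): boolean; }
interface RouteGuard { canActivate(urlSegments: string[]): boolean; }

// Hypothetical class name. It wraps the default guard rather than replacing it.
class SmartEditAwareGuard implements RouteGuard {
  private defaultGuard: RouteGuard;
  private launcher: SmartEditLauncher;
  private alwaysProtected: ReadonlySet<string>;

  constructor(
    defaultGuard: RouteGuard,
    launcher: SmartEditLauncher,
    // Constructed sample: first URL segments that keep the login requirement even
    // in SmartEdit, for pages that do not work without a logged-in user.
    alwaysProtected: ReadonlySet<string> = new Set(['configure']),
  ) {
    this.defaultGuard = defaultGuard;
    this.launcher = launcher;
    this.alwaysProtected = alwaysProtected;
  }

  canActivate(urlSegments: string[]): boolean {
    let inSmartEdit = false;
    try {
      inSmartEdit = this.launcher.isLaunchedInSmartEdit();
    } catch {
      inSmartEdit = false; // fail closed: an error never widens access
    }
    if (inSmartEdit && !this.alwaysProtected.has(urlSegments[0] ?? '')) {
      // The flag is computed in the browser, so this only skips the login redirect.
      // The backend must still authorize every request for customer data.
      return true;
    }
    return this.defaultGuard.canActivate(urlSegments);
  }
}

// Constructed default guard for an anonymous user: two route prefixes require login.
const sampleDefaultGuard: RouteGuard = {
  canActivate: (segs) => !['my-account', 'configure'].includes(segs[0] ?? ''),
};

function decide(inSmartEdit: boolean, path: string): boolean {
  const launcher: SmartEditLauncher = { isLaunchedInSmartEdit: () => inSmartEdit };
  return new SmartEditAwareGuard(sampleDefaultGuard, launcher).canActivate(path.split('/'));
}
```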