Unable to access Horizon | Laravel | Page 1

final reef Mar 5, 2026, 11:32 PM

#

Hi all!

Quick one hopefully. Has something changed with authentication for packages such as Horizon (I also am seeing this for Pulse)? I am getting nothing but 401s trying to get to horizon. This has happened after a routine update that touched nothing related to any auth code anywhere.
However the build system will pull in updated dependencies.. In the working patch laravel framework and horizon were at 10.50.0 and 5.44.0 respectively. Now we are at 10.50.2 and 5.45.0.

We define in the boot method of our ServiceProvider

 // Require the queue_manager role to view the dashboard
        Horizon::auth(function () {
            return Gate::allows('global.queue_manager');
        });

I added a Gate::after function that just logs the results of each check
which returns the following.

{
  "user": {
    removed
    }
  },
  "ability": "global.queue_manager",
  "result": true,
  "arguments": []
}

In order to test that the gate was working we have a test case

    /**
     * Test ACL global permissions as a super-admin.
     */
    public function testGlobalPermissionsAsAdmin()
    {
        $permissions = array_keys(require __DIR__ . '/../../src/Config/Permissions/global.php');

        $user = User::factory()->create([
            'admin' => true,
        ]);

        foreach ($permissions as $permission) {
            Redis::flushdb();

            $scope_permission = sprintf('global.%s', $permission);
            $this->assertTrue($user->can($scope_permission));
        }
    }

Which is still passing...

Looking at the laravel updates I dont see anything that is relevant.
https://github.com/laravel/framework/compare/v10.50.0...10.50.2
Or in horizon.
https://github.com/laravel/horizon/compare/v5.44.0...v5.45.0

I am not sure exactly what else I should be looking at to debug this?

Also I understand that Laravel 10 is well EOL... We cannot easily update at this time, but will be looking to later in the year.

#

Also in that test case I will clarify that the admin property enforces that all Gates should return true

austere moth Mar 5, 2026, 11:38 PM

#

A 401 would happen when you're unauthenticated, so you'd get booted since for that request you aren't authenticated. If it were the gates preventing access you'd see a 403.
So this would likely be an issue of different auth guards, like web. If you use a custom guard you'd have to check the gate access on that guard as well, along with instructing Horizon which guard to use. Although, I'm not entirely sure if that's possible for Horizon, as it only has the web middleware in the config https://github.com/laravel/horizon/blob/5.x/config/horizon.php#L86, not a guard

final reef Mar 5, 2026, 11:40 PM

#

Ahh roger. Give me a bit and I will have a look in our config, I know we change it (though been the same way a long time)

#

Actually nevermind, we leave the same web middleware there

austere moth Mar 5, 2026, 11:44 PM

#

I mean, firstly, do you have custom guards, do you use the default guards?

final reef Mar 5, 2026, 11:49 PM

#

If I understand what you mean by guards (Illuminate\Contracts\Auth\Guard) then no, we use default. All of our ACL is based around Gates and Polices

austere moth Mar 5, 2026, 11:50 PM

#

I mean this:
https://github.com/laravel/laravel/blob/12.x/config/auth.php#L17
https://github.com/laravel/laravel/blob/12.x/config/auth.php#L39-L42
Like having something else defined

final reef Mar 5, 2026, 11:53 PM

#

Ok, yes what we have matches the default you linked

'defaults' => [
        'guard'     => 'web',
        'passwords' => 'users',
    ],

    'guards' => [
        'web' => [
            'driver'   => 'session',
            'provider' => 'users',
        ],
        'api' => [
            'driver'   => 'token',
            'provider' => 'users',
            'hash'     => false,
        ],
    ],
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model'  => Seat\Web\Models\User::class,
        ],
    ],

#

For web anyway

#

Ok, so just playing with version. I pulled the last working docker image of our app (3 weeks ago) and confirmed it works. I then updated laravel/framework. No change, still works. Then I update horizon and am now getting 401.

final reef Mar 6, 2026, 1:03 AM

#

Likewise, on the new container build, if I downgrade horizon it returns to work. The only thing I think I can see in the horizon diff is that the middleware has changed slightly?

#

Interesting I also see the same behaviour in laravel pulse. Moving from 1.5.0 to 1.6.0 also means pulse gives a 401.

#

It has the same change adding a SentinelMiddleware... I am not sure if thats it but I cant see anything else that would have this effect

final reef Mar 6, 2026, 1:28 AM

#

So perhaps the 401 is coming from here: https://github.com/laravel/sentinel/blob/1.x/src/Http/Middleware/SentinelMiddleware.php#L19

final reef Mar 6, 2026, 1:36 AM

#

final reef So perhaps the 401 is coming from here: https://github.com/laravel/sentinel/blob...

Ok, thats it. If i comment out this line so the middleware just goes through it allows the packages to load

#

I understand that Laravel 10 is EOL and I need to move away, but is it a bad expectaion to not have breaking minor patches in packages?

#Unable to access Horizon