dark wigeon
From looking online and searching here on discord I found one message that mentions:
Livewire apps are being targeted more often now because people are trying to hack them after the recent CVEs that have started to be exploited. You can silence these exceptions in your app's error handler if you want, even in production-only
But recently we noticed an increase in those error getting raised
There are just some of them:
TypeError: Filament\Notifications\Collection::{closure:Filament\Notifications\Collection::fromLivewire():32}(): Argument #1 ($notification) must be of type array, int given
TypeError: Filament\Actions\StaticAction::arguments(): Argument #1 ($arguments) must be of type ?array, int given, called in /home/forge/xxxx/releases/xxxx/vendor/filament/actions/src/Concerns/InteractsWithActions.php on line 359
Livewire\Features\SupportLockedProperties\CannotUpdateLockedPropertyException: Cannot update locked property: [areFormStateUpdateHooksDisabledForTesting]
TypeError: Filament\Pages\BasePage::getInfolist(): Argument #1 ($name) must be of type string, null given, called in /home/forge/xxx/releases/xxx/vendor/filament/infolists/src/Concerns/InteractsWithInfolists.php on line 270
Is there any way to safely block access to livewire/update without breaking the app?
In the message I mentioned above there was a link attached ( https://laravel.com/docs/12.x/errors#ignoring-exceptions-by-type ) that lets you ignore certain types of errors, but I don't think that is wise from a security standpoint.
Are there any viable solutions for this?
We are running:
Laravel 12.48.1
Filament v3.3.47
PHP 8.4
warped nacelle