I am trying to change the request url value in admin route.xml. When i use vendor_module as frontName it`s working fine. but when i try to use module as a frontName in admin route then its not working.
Vendor/ModuleName/etc/adminhtml/route.xml
Before
<router id="admin">
<route id="vendor_module" frontName="vendor_module">
<module name="Vendor_ModuleName" />
</route>
</router>
After
When i use below code as admin route it`s not worked for me. Like when i try access url module/template/edit then its redirect to admin Dashboard page.
<router id="admin">
<route id="vendor_module" frontName="module">
<module name="Vendor_ModuleName" />
</route>
</router>
Note : I want to use this without turn off Admin > Store > Configuration > Advanced > Admin > Security > Add Secret Key to URLs
2
Answers
The id and front name in the route.xml file must be synchronized with each other. If you set it differently it won’t know what URL you’re using so it will redirect you to the admin’s home page.
For field: Add Secret Key to URLs, the main function of this field is secret Key is useful for preventing CSRF (Cross-site request forgery) Attack (The most practical example is in your case). This is a security bug that has been fixed by Magento. If you disable this field, your admin page will be very vulnerable to attack
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.[2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.
I recommend leaving this option enabled.