Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I just did a fresh install of HEAD and the toolbar subtrees are not showing up for me. I log in as user 1 but the HTTP request to /toolbar/subtrees/rStojJK4QAQL2vAsoEXOi1IZXw38Gihuqk7qQPI7UWw returns a 403 response with this body:
The website encountered an unexpected error. Please try again later.
Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 113 of core/lib/Drupal/Core/Routing/AccessAwareRouter.php).
Comment | File | Size | Author |
---|---|---|---|
#4 | toolbar_subtrees-2534830-4.patch | 2.47 KB | Wim Leers |
#4 | toolbar_subtrees-2534830-4-test-only-FAIL.patch | 1.72 KB | Wim Leers |
Comments
Comment #1
Wim LeersConfirmed, this is a regression introduced by #2217985: Replace the custom menu caching strategy in Toolbar with Core's standard caching.. Despite all the manual testing :( Clearly, our test coverage in that area is lacking.
Working on fix + tests.
Comment #2
Wim LeersComment #3
Fabianx CreditAttribution: Fabianx as a volunteer commentedRTBC, looks great!
Comment #4
Wim LeersLOL, my "test-only" test is actually WITHOUT the test, only with the fix. So it won't fail. Uploaded the right one.
No changes to the regular patch.
Comment #6
Wim LeersComment #7
alexpottCommitted 0feb1b6 and pushed to 8.0.x. Thanks!
Comment #9
longwaveThis still isn't working for me; I see exactly the same behaviour with latest HEAD locally, and I also checked it out on simplytest.me to make sure it wasn't some local environment thing.
Steps to reproduce:
1. Install Drupal with standard profile
2. Log in as user 1
3. Switch the toolbar to vertical orientation
4. Open the Network tab in your inspector
5. Click Structure (or any of the other top level menu items)
6. Note that the subtree is not displayed and there is a 403 response in the inspector
Comment #10
Wim Leers#9: did you clear your browser cache? I just reinstalled HEAD, cleared my browser cache, logged in, and it works.
Comment #11
longwaveYep, as I said I also tried it on a new simplytest.me instance, which is still available here: https://dami.ply.st/ (log in as admin/admin)
Comment #12
Fabianx CreditAttribution: Fabianx as a volunteer commentedI can confirm that there is a 403 access denied error that is cached by Drupal's core cache (X-Drupal-Cache: HIT)
Comment #13
Wim Leers#11: as discussed in IRC: I cannot even reproduce it over there, on simplytest.me (not even on the exact instance where you had the problem)! So… it seems like this is a problem that's only triggered with specific clients.
#12: STR? I can't reproduce this at all :/
Comment #14
Fabianx CreditAttribution: Fabianx as a volunteer commented#13: I click on the above link:
- I put the sidebar in vertical
- I click on Structure (but _not_ on the arrow):
Expected result:
- Structure expands down (that might be an expectation error, so could be fine)
- There is no 403 error
Actual result:
- Structure opens the /admin/structure page and 403 can be seen in XHR Tab of chrome network inspector.
- All arrows vanish
Comment #15
Wim LeersTo expand, one must click *on* the arrow. Clicking on the link itself means navigating to that link.
Comment #16
Wim LeersBut now I've been able to reproduce the 403. This is a separate problem from the bug that was already fixed in #4 + #7.
Comment #17
Wim LeersFound the root cause. This is a bug that has existed in Toolbar since the very beginning, but is only exposed since #2217985: Replace the custom menu caching strategy in Toolbar with Core's standard caching.. The problem is that we calculate the subtrees hash in the current theme (so Bartik on the frontpage, Seven on
/admin/structure
), but during the AJAX request, we always use the default theme.This causes the hashes to be different, and hence the 403… on admin pages only.
(Go to
/admin/appearance
, and use Bartik as the administration theme, and it'll work at/admin/structure
as well.)Opening a new issue for that. We're definitely missing test coverage for that too.
Comment #18
Wim LeersSo, back to fixed, per #8. New issue for the remaining bug: #2535118: Toolbar subtrees not working on admin pages due to lack of theme negotiation on Toolbar's custom JSONP route.
Comment #20
Rar9 CreditAttribution: Rar9 commentedhi i applied patch 4, but I still get above issue
D9.1.10
Lang DE as default + eng + Account administration pages
Path: /en/toolbar/subtrees/kEIgVbrAnk8tVlQ2I7zujQnIh9zFpVDT4RPSO9jovOs?_wrapper_format=drupal_ajax. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 120 of /var/www/vhosts/drupal9/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).
Comment #21
tarik.cipix CreditAttribution: tarik.cipix commentedYeah same, this issue is not fixed, when you add a second language and enable the detection method account administration pages you get the same 403 as reported in the issue summary
Drupal Core 8.9.16, please re-open.
Comment #22
DiDebruDrupal core 8.9.17
We are facing the same issue.
default engl with 5 other languages.
Comment #23
candelas CreditAttribution: candelas as a volunteer commentedSame problem with Drupal 9.2.4 after enabling detection method account administration pages.
Comment #24
mlncn CreditAttribution: mlncn at Agaric for Drutopia commentedAlso seeing this. Can this be re-opened or is there a similar issue somewhere? Seeing it on node/add with a subtheme of Claro (Encontrarlo).
Comment #25
longwavePlease open a new issue describing the problem, with a set of steps to reproduce from a fresh install if possible.
Comment #26
leisurman CreditAttribution: leisurman commentedSame problem with Drupal 9.3
POST http://au1/toolbar/subtrees/VAQdABldryPtu9HzNVIjx1cgriyLzPRGyWJdtSLaUAo?_wrapper_format=drupal_ajax 403 (Forbidden)
Uncaught Drupal.AjaxError {message: "\nAn AJAX HTTP error occurred.\nHTTP Result Code: 40…tatusText: Forbidden\nResponseText: {\"message\":\"\"}", name: "AjaxError"}
Comment #27
leisurman CreditAttribution: leisurman commentedTry Clash with admin_toolbar_tools