Toolbar subtrees not working

Confirmed, this is a regression introduced by #2217985: Replace the custom menu caching strategy in Toolbar with Core's standard caching.. Despite all the manual testing :( Clearly, our test coverage in that area is lacking.

Working on fix + tests.

RTBC, looks great!

LOL, my "test-only" test is actually WITHOUT the test, only with the fix. So it won't fail. Uploaded the right one.

No changes to the regular patch.

Committed 0feb1b6 and pushed to 8.0.x. Thanks!

#9: did you clear your browser cache? I just reinstalled HEAD, cleared my browser cache, logged in, and it works.

I can confirm that there is a 403 access denied error that is cached by Drupal's core cache (X-Drupal-Cache: HIT)

#11: as discussed in IRC: I cannot even reproduce it over there, on simplytest.me (not even on the exact instance where you had the problem)! So… it seems like this is a problem that's only triggered with specific clients.

#12: STR? I can't reproduce this at all :/

#13: I click on the above link:

- I put the sidebar in vertical
- I click on Structure (but _not_ on the arrow):

Expected result:

- Structure expands down (that might be an expectation error, so could be fine)
- There is no 403 error

Actual result:

- Structure opens the /admin/structure page and 403 can be seen in XHR Tab of chrome network inspector.
- All arrows vanish

- I click on Structure (but _not_ on the arrow):

To expand, one must click *on* the arrow. Clicking on the link itself means navigating to that link.

But now I've been able to reproduce the 403. This is a separate problem from the bug that was already fixed in #4 + #7.

Found the root cause. This is a bug that has existed in Toolbar since the very beginning, but is only exposed since #2217985: Replace the custom menu caching strategy in Toolbar with Core's standard caching.. The problem is that we calculate the subtrees hash in the current theme (so Bartik on the frontpage, Seven on /admin/structure), but during the AJAX request, we always use the default theme.

This causes the hashes to be different, and hence the 403… on admin pages only.

(Go to /admin/appearance, and use Bartik as the administration theme, and it'll work at /admin/structure as well.)

Opening a new issue for that. We're definitely missing test coverage for that too.

So, back to fixed, per #8. New issue for the remaining bug: #2535118: Toolbar subtrees not working on admin pages due to lack of theme negotiation on Toolbar's custom JSONP route.

hi i applied patch 4, but I still get above issue

D9.1.10
Lang DE as default + eng + Account administration pages

Path: /en/toolbar/subtrees/kEIgVbrAnk8tVlQ2I7zujQnIh9zFpVDT4RPSO9jovOs?_wrapper_format=drupal_ajax. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 120 of /var/www/vhosts/drupal9/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

Yeah same, this issue is not fixed, when you add a second language and enable the detection method account administration pages you get the same 403 as reported in the issue summary

Drupal Core 8.9.16, please re-open.

Drupal core 8.9.17
We are facing the same issue.
default engl with 5 other languages.

Same problem with Drupal 9.2.4 after enabling detection method account administration pages.

Also seeing this. Can this be re-opened or is there a similar issue somewhere? Seeing it on node/add with a subtheme of Claro (Encontrarlo).

Same problem with Drupal 9.3

POST http://au1/toolbar/subtrees/VAQdABldryPtu9HzNVIjx1cgriyLzPRGyWJdtSLaUAo?_wrapper_format=drupal_ajax 403 (Forbidden)

Uncaught Drupal.AjaxError {message: "\nAn AJAX HTTP error occurred.\nHTTP Result Code: 40…tatusText: Forbidden\nResponseText: {\"message\":\"\"}", name: "AjaxError"}

Try Clash with admin_toolbar_tools