Problem/Motivation
#956186: Allow AJAX to use GET requests caused a regression that leaks the ajax_page_state
query paramater into the redirect destination URLs generated by Views.
Steps to reproduce
- Install Drupal 11.x with standard profile
- Enable ajax on the /admin/content view
- Create one article node
- Visit /admin/content and apply a filter (e.g. Type = Article)
- Delete the article
This redirects to which breaks rendering because of the ajax_page_state
:
/admin/content?title=&type=article&status=All&langcode=All&ajax_page_state[theme]=claro&ajax_page_state[theme_token]=OUqFxWhAOwXtkRPcSAdL4jbOuw8Cz4O-QlNSqWuM82c&ajax_page_state[libraries]=big_pipe/big_pipe%2Cclaro/drupal.nav-tabs%2Cclaro/global-styling%2Ccontextual/drupal.contextual-links%2Ccontextual/drupal.contextual-toolbar%2Ccore/drupal.active-link%2Ccore/drupal.dropbutton%2Ccore/drupal.tableheader%2Ccore/drupal.tableresponsive%2Ccore/drupal.tableselect%2Ccore/normalize%2Cshortcut/drupal.shortcut%2Csystem/admin%2Csystem/base%2Ctoolbar/toolbar%2Ctoolbar/toolbar.escapeAdmin%2Ctour/tour%2Cuser/drupal.user.icons%2Cviews/views.ajax%2Cviews/views.module
Proposed resolution
Fix it.
Comment | File | Size | Author |
---|---|---|---|
#26 | 3364088-ajax-get-state-leaking-9_5_x-26.patch | 8.24 KB | Altcom_Neil |
#12 | interdiff.txt | 1.95 KB | lauriii |
#12 | 3364088-11.patch | 7.49 KB | lauriii |
#9 | interdiff.txt | 1.6 KB | lauriii |
#9 | 3364088-9.patch | 7.48 KB | lauriii |
Comments
Comment #2
lauriiiComment #3
lauriiiComment #6
lauriiiComment #8
lauriiiPosting my progress here but this is going to have the same test failing as #6. The test failure looks unrelated to this - I'm researching that because it seems like another major/critical issue.
Comment #9
lauriiiThe other bug I discovered is that Views generates incorrect destination paths when Drupal is in a subdirectory. The fix is on the same method and is covered by the test coverage being added here so probably better to fix it here. I also can't integration test the originally reported bug without fixing this.
Comment #12
lauriiiThis should address the failing tests. I tried to add a unit test to
\Drupal\Tests\views\Unit\Controller\ViewAjaxControllerTest
to test with base path but turns out setting up\Symfony\Component\HttpFoundation\Request
with a base path is not super straight forward and mocking it doesn't seem super handy either. 😬Comment #13
lauriiiComment #14
smustgrave CreditAttribution: smustgrave at Mobomo commentedConfirmed the issue described in the issue summary.
Patch #12 solved the issue.
Comment #15
mstrelan CreditAttribution: mstrelan at PreviousNext commented@lauriii++
Patch looks good and fixes the issue I reported in #2253257-164: Use a modal for entity delete operation links. RTBC++
Comment #16
tim.plunkettReviewed this as a subsystem maintainer of both AJAX and Views.
These are 3 sensible places to do this. Especially glad to see the change to PagerParameters
Nice :)
This assertion was incorrectly removed in #956186-152: Allow AJAX to use GET requests, glad to see it restored here
Confirmed that adding this slash here does NOT change the intention or coverage of the test. This is a side-effect of normalizing the path with that ltrim above.
RTBC++
Comment #17
olli CreditAttribution: olli commentedNice! This has been reported also in #3130504: In subsite setup view_path is not correct for links on AJAX page refresh.
Comment #19
lauriiiThanks @olli! I tried to look for an issue for that but looks like I didn't try hard enough. 😅 Moving credits from #3130504: In subsite setup view_path is not correct for links on AJAX page refresh to here.
Comment #22
catchThanks for finding and fixing the bug I introduced...
I think it would be nice if we could eventually centralise taking out ajax_page_state from incoming request URLs (rather than on generation), but that might be something that could be looked at in #3348789: Compress ajax_page_state, definitely not here.
Committed/pushed to 11.x and 10.1.x, thanks!
Comment #23
dmurphy1 CreditAttribution: dmurphy1 at Savas Labs commentedHey all, thanks for your work on this! I just wanted to flag that I create a new issue that I think may be related but doesn't appear to be resolved when testing on 10.1.x-dev: https://www.drupal.org/project/drupal/issues/3366287.
Comment #25
BerdirAaand there's another one: #3372678: Ajax state leaking to Views bulk operations
Comment #26
Altcom_Neil CreditAttribution: Altcom_Neil commentedThanks for working on this, here is a D9.5.x backport of patch #11
Comment #27
Yury N CreditAttribution: Yury N as a volunteer commentedAnother issue with destination path for subdirectory installation. If you also have language prefix in path it is lost:
/subdirectory/de/admin/content/media
becomes/subdirectory/admin/content/media