Referer is not saved in the session for custom backend routes #7190

Closed
ameotoko opened this issue May 4, 2024 · 3 comments · Fixed by #7227
Contributor

ameotoko commented May 4, 2024

Affected version(s)

4.13

Description

In my custom backend route, I have a link to the user profile, and I want the “Go back” button to lead back to my route. But this doesn’t work: the route is never stored in the session under 'referer', and the button leads to the last visited “core” backend URL. Custom backend routes are skipped.

The developer docs say here:

> If the scope is backend, <...> Contao will also automatically generate a "referer ID token" and store it as another request attribute under `_contao_referer_id`. Plus the current and last URL will be stored in the session. This is used in the back end for the "go back" links for example.

However, the referer is not actually stored in this case, because StoreRefererListener specifically checks for the contao_backend route here:

```php
private function canModifyBackendSession(Request $request): bool
{
    return !$request->query->has('act')
        && !$request->query->has('key')
        && !$request->query->has('token')
        && !$request->query->has('state')
        && 'feRedirect' !== $request->query->get('do')
        && 'contao_backend' === $request->attributes->get('_route')
        && !$request->isXmlHttpRequest();
}
```

I was able to verify that by commenting out just that one line.

leofeyer added this to the 4.13 milestone May 5, 2024
leofeyer added the "up for discussion" label (Issues and PRs which will be discussed in our monthly Mumble calls) May 5, 2024

Contributor

fritzmg commented May 5, 2024

Imho we should just replace

```php
&& 'contao_backend' === $request->attributes->get('_route')
```

with something like

```php
&& 'backend' === $request->attributes->get('_scope')
&& false !== $request->attributes->get('_store_referrer')
```

and adjust the backend routes of the Contao core that should not store the referer accordingly.

Member

leofeyer commented May 6, 2024

That sounds reasonable. Any other ideas?

Contributor

fritzmg commented May 6, 2024

One question is: should it be opt-in rather than opt-out? With my suggestion it would store the referrer by default and you can opt out - but that means we have to set `'_store_referrer' => false` for quite a lot of back end routes. However, opt-out would be more convenient for the App\ or back end routes from bundles.

leofeyer added a commit that referenced this issue May 21, 2024
Description
-----------

#7190

This implements my opt-out suggestion from #7190 (comment).

Any back end route will now store the referrer by default - but you can opt-out via `_store_referrer: false` in your route defaults/attributes.

/cc @ameotoko

Commits
-------

cadf65a Always store referrer for backend _scope
0cfb6ec Make the configuration explicit

Co-authored-by: leofeyer <1192057+leofeyer@users.noreply.github.com>
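
The behaviour change discussed in this thread, as an added example (not code from Contao or from the participants): it runs the check quoted in the issue and the check proposed in the comments against constructed requests. It assumes `symfony/http-foundation` is installed via Composer; the route name `app_my_module` and the URLs are hypothetical, and the merged implementation may differ from the proposal.

```php
<?php
// Added illustration, not Contao's code. Assumes symfony/http-foundation is
// installed via Composer; route names and URLs below are constructed samples.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;

// Conditions shared by both variants, as quoted in the issue.
function commonChecks(Request $r): bool
{
    return !$r->query->has('act') && !$r->query->has('key')
        && !$r->query->has('token') && !$r->query->has('state')
        && 'feRedirect' !== $r->query->get('do')
        && !$r->isXmlHttpRequest();
}

// Check quoted in the issue: only the core route name qualifies.
function storesBefore(Request $r): bool
{
    return commonChecks($r) && 'contao_backend' === $r->attributes->get('_route');
}

// Check proposed in the discussion: any back end scope unless opted out.
function storesProposed(Request $r): bool
{
    return commonChecks($r)
        && 'backend' === $r->attributes->get('_scope')
        && false !== $r->attributes->get('_store_referrer');
}

function sample(string $uri, array $attributes): Request
{
    $r = Request::create($uri);
    $r->attributes->add($attributes);
    return $r;
}

$custom = ['_route' => 'app_my_module', '_scope' => 'backend']; // hypothetical route
$cases = [
    'core route' => sample('/contao?do=article', ['_route' => 'contao_backend', '_scope' => 'backend']),
    'custom route' => sample('/contao/my-module', $custom),
    'opt-out (bool false)' => sample('/contao/my-module', $custom + ['_store_referrer' => false]),
    // Strict comparison: only boolean false opts out, the string does not.
    'opt-out ("false")' => sample('/contao/my-module', $custom + ['_store_referrer' => 'false']),
    'token in query' => sample('/contao/my-module?token=abc', $custom),
];

foreach ($cases as $label => $r) {
    printf("%-22s before=%-5s proposed=%s\n", $label, var_export(storesBefore($r), true), var_export(storesProposed($r), true));
}
```

Under the proposed check, a route default that arrives as the string `'false'` rather than boolean `false` still stores the URL, and requests carrying `token`, `key`, `state` or `act` in the query string are skipped by both variants.
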
leofeyer added a commit to contao/installation-bundle that referenced this issue May 21, 2024
leofeyer added a commit to contao/core-bundle that referenced this issue May 21, 2024
fritzmg linked a pull request May 21, 2024 that will close this issue
fritzmg closed this as completed May 21, 2024
fritzmg removed the "up for discussion" label (Issues and PRs which will be discussed in our monthly Mumble calls) May 21, 2024