Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
if ($url->isRouted()) {
$allowed = TRUE;
try {
$url->toString();
}
// The following exceptions are all possible during URL generation, and
// should be considered as disallowed URLs.
catch (RouteNotFoundException $e) {
$allowed = FALSE;
}
catch (InvalidParameterException $e) {
$allowed = FALSE;
}
catch (MissingMandatoryParametersException $e) {
$allowed = FALSE;
}
if (!$allowed) {
$this->context->addViolation($constraint->message, ['@uri' => $value->uri]);
}
}
Note the $url->toString();
in there; this bubbles cacheability. But for the purposes of this validation, that's pointless and meaningless. It should not bubble cacheability.
Proposed resolution
Collect cacheability instead of allowing it to be bubbled.
Remaining tasks
None.
User interface changes
None.
API changes
None.
Data model changes
None.
Comment | File | Size | Author |
---|---|---|---|
#16 | 2982060-16.patch | 1.26 KB | Wim Leers |
#3 | 2982060-3.patch | 933 bytes | Wim Leers |
Comments
Comment #2
Wim LeersDiscovered at #2948666-37: Remove JSON API's use of $context['cacheable_metadata'].
Comment #3
Wim LeersComment #4
Wim LeersComment #5
Wim LeersComment #7
Wim LeersLooks like this same bug was reported again: #2991135: Create entity - internal link - The controller result claims to be providing relevant cache metadata, but leaked metadata was detected. Please ensure you are not rendering content too early. Returned object class: Drupal\\jsonapi\\ResourceResponse.. Bumping from to .
Comment #8
Wim Leers@sorina.hriban confirmed that this patch fixed his problem reported in #2991135!
Comment #9
sorina.hriban CreditAttribution: sorina.hriban commentedI confirm also here that the patch added resolved the link internal problem.
Comment #10
sorina.hriban CreditAttribution: sorina.hriban commentedComment #11
Wim LeersYay, thanks, @sorina.hriban!
Comment #12
alexpottCan we add something to LinkNotExistingInternalConstraintValidatorTest to ensure nothing is bubbled?
Comment #13
Wim LeersI don't see how we can do that without creating a new functional test. Because the current test is a unit test (as it should be), and hence we'd need to mock both
toString()
andtoString(TRUE)
behavior, and then fail in case oftoString()
. IOW: it'd require mocking of things outside the unit…The JSON API module does have functional tests that ran into this problem:
\Drupal\Tests\jsonapi\Functional\ShortcutTest::testPostIndividual()
are marked as skipped because of this bug.Is it really worth creating a full functional test for this tiny trivial single-line patch?
Comment #15
psf_ CreditAttribution: psf_ at SDOS commentedDrupal 8.7.5 has this patch applied, or have the same modification in it. ¯\@¿@/¯
But I have the same problem with JSON:API, the same query with filter fail and without filter not.
Comment #16
Wim LeersWow. Mindbending.
#13 and #15 are exactly one year apart. I looked at the date of #13 and thought I had forgotten part of my memory 🤯
Reading #13 … I now have a different answer: the test I mentioned there is now part of Drupal core, thanks to JSON:API landing in core.
So I tried to unmark those tests as skipped, so they should fail again:
… but turns out the fix (the patch in #3) already landed as part of #2895532: @DataType=map cannot be normalized, affects @FieldType=link, @FieldType=map.
Comment #17
Wim LeersComment #18
gabesulliceUn-skipping tests, tests still pass, reason given for why they pass now but didn't pass before checks out... LGTM!
Comment #19
larowlanCommitted d6bc614 and pushed to 8.8.x. Thanks!