Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Problem/Motivation
Using webform_share to embed a form via the /webform/{webform}/share.js route, a '403 Forbidden' response is returned when the form page setting (e.g. Allow users to post submissions from a dedicated URL) is disabled.
Steps to reproduce
- Check 'Form sharing enabled' (from the webform_share submodule)
- Uncheck 'Allow users to post submissions from a dedicated URL'
- Embed the webform on a host page using the JavaScript option (e.g.
<script src="//d9.test/webform/share_test/share.js"></script>) - The webform will not be embedded on the host page, and developer tools will show a 403 response for the /webform/share_test/share.js URL.
Proposed resolution
Change the _entity_access route requirement from webform.submission_page to webform.submission_create for the entity.webform.share_script route.
This seems OK because the entity.webform.share_page.javascript route, which the share script itself embeds for the iframe src, uses webform.submission_create.
Issue fork webform-3321649
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
changes
Comments
Comment #3
jeffamComment #4
jeffamComment #8
jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commented