Problem/Motivation

If a site is implementing a RestResource, the responses are affected negatively (returning a 404 when a 403 with a message is expected).

Steps to reproduce

Proposed resolution

Add configuration to disable the redirection on a set of paths

Remaining tasks

User interface changes

API changes

Data model changes

Issue fork m4032404-3358555

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

Albert Volkman created an issue. See original summary.

Albert Volkman opened merge request !3

albert volkman’s picture

albert volkman commented
Status: Active » Needs review
hotwebmatter’s picture

hotwebmatter commented

This seems correct.

I will note, however, that the behavior appears to be sticky until caches are cleared.

So ... either invalidate caches for the specified routes when config is saved, or take the lazy route and add some text saying "Rebuild caches after saving configuration."

Does that make sense?

albert volkman’s picture

albert volkman commented

@hotwebmatter nice catch! Latest commit should handle that.

hotwebmatter’s picture

hotwebmatter commented
Status: Needs review » Reviewed & tested by the community

Tested Merge request !3

With unpatched module, http://d9.lndo.site/admin/config/system/m4032404 is redirected to 404, whether or not the "Enforce on Admin Only" boolean is set TRUE.

After applying patch, if no Pages are specified, the default behavior remains the same, and http://d9.lndo.site/admin/config/system/m4032404 is redirected to 404, whether or not the "Enforce on Admin Only" boolean is set TRUE.

After specifying /admin/config/system/m4032404 in Pages, the following behavior occurs:

  • When "Redirect the above paths to 404" radio button is selected:
    $ wget --spider http://d9.lndo.site/admin/config/system/m4032404
Spider mode enabled. Check if remote file exists.
--2023-05-09 18:12:29--  http://d9.lndo.site/admin/config/system/m4032404
Resolving d9.lndo.site (d9.lndo.site)... 127.0.0.1
Connecting to d9.lndo.site (d9.lndo.site)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
Remote file does not exist -- broken link!!!
  • When "Do not redirect the above paths to 404" radio button is selected:
    $  wget --spider http://d9.lndo.site/admin/config/system/m4032404
Spider mode enabled. Check if remote file exists.
--2023-05-09 18:12:40--  http://d9.lndo.site/admin/config/system/m4032404
Resolving d9.lndo.site (d9.lndo.site)... 127.0.0.1
Connecting to d9.lndo.site (d9.lndo.site)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
Remote file does not exist -- broken link!!!

Reviewed and tested by the community.

elc made their first commit to this issue’s fork.

elc’s picture

elc commented
Status: Reviewed & tested by the community » Fixed

Follow up #3529941: Use ConditionManager instead of custom code

elc’s picture

elc commented
Related issues: +#3530038: Update deprecated config for Method to bypass redirection

If this patch was used on a production site, it will need the update introduced in #3530038: Update deprecated config for Method to bypass redirection

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.