Problem/Motivation

Original report:

\Drupal\block\BlockAccessControlHandler::mergeCacheabilityFromConditions() causes the current user's cache tag to be associated with the access result.

Even though there should not be such a cache tag, only the user.roles cache context (which is also present).

I tried to find the root cause, but quickly got lost in the complexity of the context system.

Discovered in #2765959: Make 4xx REST responses cacheable by (Dynamic) Page Cache + comprehensive cacheability test coverage.

Proposed resolution

Bug since fixed elsewhere, and the MR just removes the workaround and @todo added in #2765959

CommentFileSizeAuthor
#18 2867881-17.patch1.15 KBsmustgrave
#5 2867881-5.patch2.45 KBWim Leers

Issue fork drupal-2867881

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Wim Leers created an issue. See original summary.

Version: 8.4.x-dev » 8.5.x-dev

Drupal 8.4.0-alpha1 will be released the week of July 31, 2017, which means new developments and disruptive changes should now be targeted against the 8.5.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Wim Leers’s picture

Wim Leers
Location Ghent 🇧🇪🇪🇺
CreditAttribution: Wim Leers at Acquia commented
Issue summary: View changes
Wim Leers’s picture

Wim Leers
Location Ghent 🇧🇪🇪🇺
CreditAttribution: Wim Leers at Acquia commented
Issue tags: +API-First Initiative

This also affects the API-First Initiative. #2765959: Make 4xx REST responses cacheable by (Dynamic) Page Cache + comprehensive cacheability test coverage had to add these work-arounds for this bug, which this issue will be able to remove:

+    // @todo Fix BlockAccessControlHandler::mergeCacheabilityFromConditions() in
+    //   https://www.drupal.org/node/2867881
+    if (static::$entityTypeId === 'block') {
+      $expected_cache_contexts = Cache::mergeContexts($expected_cache_contexts, ['user.permissions']);
+    }

+      // @todo Fix \Drupal\block\BlockAccessControlHandler::mergeCacheabilityFromConditions() in https://www.drupal.org/node/2867881
+      if (static::$entityTypeId === 'block') {
+        $expected_cookie_403_cacheability->setCacheTags(str_replace('user:2', 'user:0', $expected_cookie_403_cacheability->getCacheTags()));
+      }
Wim Leers’s picture

Wim Leers
Location Ghent 🇧🇪🇪🇺
CreditAttribution: Wim Leers at Acquia commented
Status: Active » Needs review
FileSize
2867881-5.patch2.45 KB

IOW: this patch fails today, this issue should make it green! 🙂

Status: Needs review » Needs work

The last submitted patch, 5: 2867881-5.patch, failed testing. View results

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.0-alpha1 will be released the week of January 17, 2018, which means new developments and disruptive changes should now be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.6.x-dev » 8.7.x-dev

Drupal 8.6.0-alpha1 will be released the week of July 16, 2018, which means new developments and disruptive changes should now be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.7.x-dev » 8.8.x-dev

Drupal 8.7.0-alpha1 will be released the week of March 11, 2019, which means new developments and disruptive changes should now be targeted against the 8.8.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.0-alpha1 will be released the week of October 14th, 2019, which means new developments and disruptive changes should now be targeted against the 8.9.x-dev branch. (Any changes to 8.9.x will also be committed to 9.0.x in preparation for Drupal 9’s release, but some changes like significant feature additions will be deferred to 9.1.x.). For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.9.x-dev » 9.1.x-dev

Drupal 8.9.0-beta1 was released on March 20, 2020. 8.9.x is the final, long-term support (LTS) minor release of Drupal 8, which means new developments and disruptive changes should now be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 9.1.x-dev » 9.2.x-dev

Drupal 9.1.0-alpha1 will be released the week of October 19, 2020, which means new developments and disruptive changes should now be targeted for the 9.2.x-dev branch. For more information see the Drupal 9 minor version schedule and the Allowed changes during the Drupal 9 release cycle.

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.2.0-alpha1 will be released the week of May 3, 2021, which means new developments and disruptive changes should now be targeted for the 9.3.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.0-rc1 was released on November 26, 2021, which means new developments and disruptive changes should now be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.0-alpha1 was released on May 6, 2022, which means new developments and disruptive changes should now be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.5.x-dev » 10.1.x-dev

Drupal 9.5.0-beta2 and Drupal 10.0.0-beta2 were released on September 29, 2022, which means new developments and disruptive changes should now be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

smustgrave’s picture

smustgrave CreditAttribution: smustgrave commented

This came up as a daily bugsmash target.

Rerolled #5 the changes in core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php were previously commented.

Lets see what fails.

smustgrave’s picture

smustgrave CreditAttribution: smustgrave commented
FileSize
2867881-17.patch1.15 KB

Update

Version: 10.1.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch, which currently accepts only minor-version allowed changes. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

catch made their first commit to this issue’s fork.

catch opened merge request !6718

catch’s picture

catch
he/him
Primary language English
CreditAttribution: catch at Third and Grove commented
Status: Needs work » Needs review

Converted the patch to an MR. Given #18 was green, we might have just fixed this elsewhere without removing the @todo.

catch’s picture

catch
he/him
Primary language English
CreditAttribution: catch at Third and Grove commented
Title: Context system + \Drupal\block\BlockAccessControlHandler::mergeCacheabilityFromConditions() incorrectly handling cacheability, causing incorrect cache tags » Remove @todo and workaround in Cookie ResourceTestTrait
Component: block.module » rest.module
Category: Bug report » Task
Priority: Major » Normal
Issue summary: View changes
Status: Needs review » Reviewed & tested by the community
Issue tags: -Needs tests

Since all I did was convert the patch to an MR, I think I can RTBC this. Updated the issue title and summary.

dww’s picture

dww
we/he/they
CreditAttribution: dww as a volunteer commented
Issue tags: +Bug Smash Initiative

Tagging that this came up as a random triage target today in #bugsmash, which is where the new life came from.

dww’s picture

dww
we/he/they
CreditAttribution: dww as a volunteer commented

Also reviewed the MR code and test results. RTBC++.

Hah, this was random #bugsmash ~1.5 years ago for patch #17, but wasn't tagged then, either. 😅

Saving credits for everyone.

dww’s picture

dww
we/he/they
CreditAttribution: dww as a volunteer commented
Issue summary: View changes

Minor summary edit, but I didn't bother with the full default template since none of the other headings are relevant here.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott as a volunteer and at Acro Commerce, Thunder commented
Version: 11.x-dev » 10.2.x-dev
Status: Reviewed & tested by the community » Fixed

Backported to 10.2.x as a test only change.

Committed and pushed eed7ea3a50 to 11.x and 0d4a5883d4 to 10.3.x and 4d9ec8d74a to 10.2.x. Thanks!

  • alexpott committed 4d9ec8d7 on 10.2.x 
    Issue #2867881 by catch, Wim Leers, smustgrave, dww: Remove @todo and...

  • alexpott committed 0d4a5883 on 10.3.x 
    Issue #2867881 by catch, Wim Leers, smustgrave, dww: Remove @todo and...

  • alexpott committed eed7ea3a on 11.x 
    Issue #2867881 by catch, Wim Leers, smustgrave, dww: Remove @todo and...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.