'Account administration pages' language negotiation causes 'access denied' in toolbar subtree caching.

I have followed all the steps and I can´t reproduce it. May I missing something? How do you get this error? Just loading the page? I can't see any error on the toolbar.

I can also see this problem, using 8.3.0. Having "Account administration pages" activated at the language detection page at /admin/config/regional/language/detection. When de-activating the "Account administration pages" setting, the ajax seems to work again. I also have the primary language setting at something different than English.

I'm also having this issue when that setting is enabled. Logged in or not, I can't visit my french content pages. I just get page not found.

Having the same problem.
@nuez would you have a moment to make the test, please? Thanks

Patch in #10 has no effects and doesn't solve the problem for our sites. We're using content and interface translation too, but we get always an 403.

For now, I remove the check if the hashes are equals to provide a working toolbar menu on ToolbarController::checkSubTreeAccess():

diff --git a/core/modules/toolbar/src/Controller/ToolbarController.php b/core/modules/toolbar/src/Controller/ToolbarController.php
index b4abf27c2..b1672e226 100644
--- a/core/modules/toolbar/src/Controller/ToolbarController.php
+++ b/core/modules/toolbar/src/Controller/ToolbarController.php
@@ -49,7 +49,7 @@ public function subtreesAjax() {
    */
   public function checkSubTreeAccess($hash) {
     $expected_hash = _toolbar_get_subtrees_hash()[0];
-    return AccessResult::allowedIf($this->currentUser()->hasPermission('access toolbar') && Crypt::hashEquals($expected_hash, $hash))->cachePerPermissions();
+    return AccessResult::allowedIf($this->currentUser()->hasPermission('access toolbar'))->cachePerPermissions();
   }

 }

May be it relates to this bug, but on the horizontal bar the active trail isn't working.

And I would change priority to Major because the backend is unusable with vertical toolbar.

Possible duplicate of Toolbar submenu 403 forbidden when using different user language and relates to Admin toolbar should always be rendered in the admin language (if set).

While it's not the correct solution the patch was still a good workaround for our use case. The patch didn't apply anymore on 8.9.* so here is a reroll.

#22 works for me on 8.8.10

hi i applied patch 22, but I still get above issue sometimes

D9.1.10
Lang DE as default + eng + Account administration pages

Path: /en/toolbar/subtrees/kEIgVbrAnk8tVlQ2I7zujQnIh9zFpVDT4RPSO9jovOs?_wrapper_format=drupal_ajax. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 120 of /var/www/vhosts/drupal9/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

tried patch 22, did not work.
Found out that the _toolbar_get_subtrees_hash() produces a different hash because the initial toolbar_get_rendered_subtrees() contained the "scheduled content" from the scheduler module and the menu generated when doing the ajax request did not contain the scheduled content item. Not sure why, i've disabled the view and the problem was no longer present

not a solution but at least i can continue for now

Problem still exists in Drupal 10.1.4, has anyone found a solution for this matter? #22 did't work for me. My setup is similar to the setup explained in the issue description. Thanks

I have the same problem with same kind of settings and Drupal 10.1.4. #22 patch didn't work.

What I debug toolbar modules code I find that ToolbarController.php checkSubTreeAccess() function $hash and $expected_hash are not match so hash_equals() returns false.

I have the same problem with same kind of settings and Drupal 10.2.1 .
I have Catalan as main language and I as user English (I am user 1).
My solution is not to use admin language in the language negotiation and set first user and then url as the only Detection methods.