Entity browser forces ajax when displaying the view and it now also force-enables it in the UI, but especially if you have existing, old views and also e.g. the views provided by media.module (unless they were fixed in the meantime), that flag might be off by default.
Maybe even on new ones, didn't test how the forcing works exactly.
That means that with the security update that came out yesterday, those views are now broken and you need to explicitly open the ajax settings and save.
As discussed with @slashrsm, we might want to a) display a clear error upfront in the entity browser instead of the view and/or add an update function to force the flag to enabled for all entity browser displays, might not be trivial.
Comment | File | Size | Author |
---|---|---|---|
#39 | d8_entity_browser-2902831.patch | 908 bytes | fago |
#24 | entity-browser-use-ajax-2902831-24.patch | 880 bytes | Berdir |
#16 | entity_browser-update_use_ajax_on_views-2902831-16.patch | 1023 bytes | phjou |
#12 | entity_browser-update_use_ajax_on_views-2902831-12.patch | 1.03 KB | phjou |
#5 | entity_browser_views-2902831-5.patch | 583 bytes | pafa7a |
Comments
Comment #2
BerdirAfter some more testing, I can confirm that even when creating a new view now in the UI, and the UI says "Yes (Forced)", the view does actually *not* have it enabled, you have to explicitly open and re-save the setting.
So I'm fairly sure that a lot of people are going to be affected by this.
Comment #3
guldi CreditAttribution: guldi commentedYep, +1
Comment #4
marcoscanoMarked #2903097: AJAX 403 Error with Browser Content using View display as duplicate of this one.
Comment #5
pafa7a CreditAttribution: pafa7a commentedWhen you apply the patch, go to the view and apply the Use ajax option.
Comment #6
yoruvo CreditAttribution: yoruvo as a volunteer commentedI was affected by this and can confirm that the patch and instruction in #5 worked.
However, doesn't this mean that all the modules that depend on Entity Browser need to update their view configs to include the following line?
For example, the Media Entity Browser view doesn't come with that line. So I feel that this ticket should be escalated to other projects, but I'm not sure about the procedure there.
Comment #7
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot commentedThank you :)
Same question as in comment #6
Comment #8
esolitosConfirming this issue, haven't tested the patch.
Answering to the question on #6, yes as Berdir commented in the issue description, all old views must be updated:
> As discussed with @slashrsm, we might want to a) display a clear error upfront in the entity browser instead of the view and/or add an update function to force the flag to enabled for all entity browser displays, might not be trivial.
Comment #9
hugovk CreditAttribution: hugovk at Digia commentedI was also affected by this and also the instruction in #5 worked. The patch wasn't necessary.
Comment #10
BerdirI don't think the patch actually does anything useful, it just removes the force, but it's still not actually forced?
There's still the question of an update function as well as *actually* forcing it for new views by overriding the default settings?
That would mean we need to override defineOptions(), not the summary (that can be removed and is just misleading) and there set the default of use_ajax to true (the second usage, not the one inside defaults).
Comment #11
Berdir@dawehner pointed out that we can also override getOption('use_ajax') and always return TRUE there.
Comment #12
phjouHi everyone,
I did a patch to update existing views that use entity_browser plugin in order to save them with use_ajax to TRUE.
It should solve reload problems on entity browser views. It worked for me, I hope it will resolve the problem for you either :)
Comment #13
cilefen CreditAttribution: cilefen commentedComment #14
ozinHi @phjou
Looks like you do not need the
Comment #15
drupalninja99 CreditAttribution: drupalninja99 at Mediacurrent commentedDo we need to post an issue in the media_entity_browser queue as well? Does that need a similar patch?
Comment #16
phjouIndeed, I changed the code and forget to remove that variable.
I've just removed the line.
I don't think it's necessary to use a queue because I doubt that a website has so many views with entity_browser plugin.
Comment #17
phjouComment #18
MaxPah#16 Working for me. Thanks
Comment #19
phjouSorry @drupalninja99, I haven't read correctly your comment.
Indeed I think it could be usefull to do a patch in order to set use_ajax to TRUE into the views export.
But it also affects every module that uses an entity browser views. I've checked file_browser and they have exported "use_ajax" to TRUE which is not the case for entity_media_browser.
Comment #20
phjouComment #21
drupalninja99 CreditAttribution: drupalninja99 at Mediacurrent commentedThanks @phjou!
Comment #22
ryan.gibson CreditAttribution: ryan.gibson commentedTested, this fixes the issue.
Comment #23
fmfpereira CreditAttribution: fmfpereira as a volunteer and commented#16 is working for for existing views, but when you create a new view after the update the problem still persists.
Comment #24
BerdirHere's another approach which should also work, noticed that we already override ajaxEnabled() but core didn't use its own API's :(
Comment #26
mudassar774 CreditAttribution: mudassar774 commentedHi I have custom media solution and when perform any ajax based operation i.e. search items by name. Logs gives access denied with message
It get fix after applying patch :)
Comment #27
ahebrank CreditAttribution: ahebrank commentedSo this is a core bug, right? The 8.3.7 SA change
https://github.com/drupal/drupal/commit/65cef2e9f5c37c7b0d1b70627779bd47...
should use ajaxEnabled() rather than looking at the checkbox on the display?
Comment #28
phjou@ahebrank This issue is linked to many problems.
The original problem is that the views used by entity browser should have use_ajax set to TRUE.
That implies that:
- Every module that provides an entity browser view sould set use_ajax to TRUE into the export.
- Existing views should be updated to use_ajax to TRUE
The problem could not be "visible" if the core used his ajaxEnabled API but I think it's better to set use_ajax to TRUE in order to avoid future problems if the call to ajaxEnabled is broken like it is now. Indeed, the call to ajaxEnabled should be done but it is another issue. Maybe someone has created it...
Comment #29
ahebrank CreditAttribution: ahebrank commentedIn the Views source use of ajaxEnabled() is consistent for determining functionality of a View and getOption('use_ajax') is only used for form defaults... EXCEPT for the 8.3.7 SA patch. I think patching core to follow the API is a much cleaner fix here, so I'll open an issue over there.
If it's helpful to anyone, I've been patching projects today with https://gist.githubusercontent.com/ahebrank/70b98af2f4df3c66c432046ec155...
Comment #30
BerdirAgreed, fixing core is better, but that might take longer.
What about keeping ajaxEnbled() and just adding getOption(), with a @todo to the core issue that you're going to open? :)
Comment #31
fmfpereira CreditAttribution: fmfpereira as a volunteer and commented#30 makes sense to me and indeed solves the problem!
Comment #32
samuel.mortensonI looked into the test failures and they're the same as the branch failures - I believe that when Paragraphs releases again these will be resolved, as #2881459: Build failing: Schema errors for field.field.node.paragraphed_content_demo.field_paragraphs_demo with the following errors: field.field.node.paragraphed_content_demo.field_paragraphs_demo:settings.handler_settings.target_bundles is not included in the latest release. There's nothing we can do to fix Paragraphs schema in Entity Browser.
Putting back into needs review.
Comment #33
BerdirWhat we could do is add a composer.json with a require-dev for paragraphs 1.x-dev, but nothing to do here, yes.
Comment #34
susannecoates CreditAttribution: susannecoates as a volunteer commented@berdir Confirming this issue. Your suggestion in #2 above fixed it for me. +1
Comment #35
dddbbb CreditAttribution: dddbbb as a volunteer commentedIs there an issue to follow yet for the core fix?
Comment #36
ahebrank CreditAttribution: ahebrank commentedAdding the link to the core issue.
Comment #37
ahebrank CreditAttribution: ahebrank commentedAdding in @berdir's suggestion in #30.
Comment #38
BerdirThanks. I would suggest we commit that asap, because with that, we don't have to (although it still makes sense) fix all those default and custom entity browser views. Lots of people are experiencing that problem right now.
Comment #39
fagoAgreed, it would be great to get a new release with the fix - we ran into this also (on multiple sites).
However, the patch in #37 has wrong paths so it does not apply. Here is a re-roll.
Comment #40
ahebrank CreditAttribution: ahebrank commentedComment #41
mxh+1 RTBC for #39.
Comment #42
BerdirTypo fix
Comment #43
slashrsm CreditAttribution: slashrsm at MD Systems GmbH commentedCommitted. Thanks!
Comment #45
drfuzetto CreditAttribution: drfuzetto commentedThank you so much for this patch!!!
Comment #46
chuyenlv CreditAttribution: chuyenlv commentedHi everybody, with this bug, you can enable Always show the master (default) display in tab settings of Views, after that you back to the views not working ajax, and set view allow ajax in master display and save this views, all display in this views will update allow ajax.
I did it, and my Entity browser is working.
Comment #47
aprupue CreditAttribution: aprupue commented#46 worked for me. Thanks
Comment #49
keithdoyle9 CreditAttribution: keithdoyle9 commentedDeleted. Not applicable.
Comment #50
oknateI came across this issue because I found a note in the codebase to update Drupal\entity_browser\Plugin\views\display\EntityBrowser::getOption when a core issue landed. I checked and it has landed:
#3044021: Remove EntityBrowser::getOption