Problem/Motivation

When a default 404 page is configured (in Configuration > Basic site settings), requests to unknown (non-CE-API) pages get redirected to the frontend.

We want to prevent that.

Steps to reproduce

  • Configure path in page.404 in system.site settings (a.k.a. "Default 404 (not found) page" in admin/config/system/site-information)
  • Visit BACKEND-URL/nonexistent-page
  • Be redirected to the frontend

Proposed resolution

... under discussion in the comments.

Remaining tasks

Decide on implementation.

Likely: take care of the "Default 403 (access denied) page" setting in an equivalent way.

User interface changes

Visiting BACKEND-URL/nonexistent-page will not (be redirected to and) display a neatly rendered page, anymore.

This is not usually a problem, because backend URLs aren't usually visited by people who should see neatly rendered pages.

CommentFileSizeAuthor
#2 Screenshot 2024-04-15 at 09.36.47.png286.68 KBroderik

Issue fork lupus_decoupled-3442110

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

roderik created an issue. See original summary.

roderik’s picture

roderik
Primary language Dutch
Location Amsterdam,NL / Budapest,HU
commented
StatusFileSize
new Screenshot 2024-04-15 at 09.36.47.png286.68 KB

A solution I was tinkering with (diff, no MR yet) cancels the redirection to the frontend, if the page is being rendered by CustomPageExceptionHtmlSubscriber (i.e. it's a subrequest with a 404 code). It then renders the standard 404 page in "whatever default backend view mode".

I personally don't like this as a general addition to this module. Because "whatever default backend view mode" is not necessarily configured to be non-ugly. So the 404 page may come out ugly and even may disclose some information that looks strange.

Example output for https://OUR-SITE'S-BACKEND-DOMAIN/nonexistent-page is attached to this issue as a screenshot, to show what I mean.

Alternative solution, which we should probably impement, is: add an extra class that

  • extends Core's DefaultExceptionHtmlSubscriber (i.e. subscribes to onException)
  • that preempts CustomPageExceptionHtmlSubscriber (higher priority) - i.e. prevents CustomPageExceptionHtmlSubscriber from ever trying to render a frontend node
  • that does the same check as CustomPageExceptionHtmlSubscriber (do we have page.403 or page.404 configured?)
  • and in that case: renders /system/404 (a plain simple "Page not found" message) instead of the actual page.404 path.
fago’s picture

fago
Primary language German
Location Vienna
commented

@roderik

Yes, that seems fine. We should not redirect any 4xx or 5xx errors and show them within Drupal.

Thus, I think the fix is good. But I'd suggest we also test-coverage for that to fix the behavior:
* 4xx / 5xx errors are shown within drupal
* Access frontend route like node/123 redirects to frontend

Not sure whether the seccond part is already covered.

fago’s picture

fago
Primary language German
Location Vienna
commented
Title: Make requests to backend 404 pages not redirect. » Backend 404 pages redirect to the frontend
Category: Task » Bug report
Status: Active » Postponed (maintainer needs more info)

I cannot reproduce the described behavior. If it really happens, it certainly qualifies as bug, thus fixing the category. Please provide steps to reprodocue, e.g. with gitpod test environments.