Store the referrer by default in backend scope (see #7227)
Description
-----------

#7190

This implements my opt-out suggestion from #7190 (comment).

Any back end route will now store the referrer by default - but you can opt-out via `_store_referrer: false` in your route defaults/attributes.

/cc @ameotoko

Commits
-------

cadf65a Always store referrer for backend _scope
0cfb6ec Make the configuration explicit

Co-authored-by: leofeyer <1192057+leofeyer@users.noreply.github.com>
fritzmg and leofeyer committed May 21, 2024
1 parent 5c6558a commit 4b9ce83
Showing 7 changed files with 18 additions and 14 deletions.
20 changes: 10 additions & 10 deletions core-bundle/src/Controller/BackendController.php
Expand Up @@ -50,7 +50,7 @@ public function mainAction(): Response
}

/**
* @Route("/login", name="contao_backend_login")
* @Route("/login", name="contao_backend_login", defaults={"_store_referrer" = false})
*/
public function loginAction(Request $request): Response
{
Expand All @@ -77,15 +77,15 @@ public function loginAction(Request $request): Response
/**
* Symfony will un-authenticate the user automatically by calling this route.
*
* @Route("/logout", name="contao_backend_logout")
* @Route("/logout", name="contao_backend_logout", defaults={"_store_referrer" = false})
*/
public function logoutAction(): RedirectResponse
{
return $this->redirectToRoute('contao_backend_login');
}

/**
* @Route("/password", name="contao_backend_password")
* @Route("/password", name="contao_backend_password", defaults={"_store_referrer" = false})
*/
public function passwordAction(): Response
{
Expand All @@ -97,7 +97,7 @@ public function passwordAction(): Response
}

/**
* @Route("/confirm", name="contao_backend_confirm")
* @Route("/confirm", name="contao_backend_confirm", defaults={"_store_referrer" = false})
*/
public function confirmAction(): Response
{
Expand All @@ -109,7 +109,7 @@ public function confirmAction(): Response
}

/**
* @Route("/file", name="contao_backend_file")
* @Route("/file", name="contao_backend_file", defaults={"_store_referrer" = false})
*
* @deprecated Deprecated since Contao 4.13, to be removed in Contao 5.0.
* Use the picker instead.
Expand All @@ -126,7 +126,7 @@ public function fileAction(): Response
}

/**
* @Route("/help", name="contao_backend_help")
* @Route("/help", name="contao_backend_help", defaults={"_store_referrer" = false})
*/
public function helpAction(): Response
{
Expand All @@ -138,7 +138,7 @@ public function helpAction(): Response
}

/**
* @Route("/page", name="contao_backend_page")
* @Route("/page", name="contao_backend_page", defaults={"_store_referrer" = false})
*
* @deprecated Deprecated since Contao 4.13, to be removed in Contao 5.0.
* Use the picker instead.
Expand All @@ -155,7 +155,7 @@ public function pageAction(): Response
}

/**
* @Route("/popup", name="contao_backend_popup")
* @Route("/popup", name="contao_backend_popup", defaults={"_store_referrer" = false})
*/
public function popupAction(): Response
{
Expand All @@ -167,7 +167,7 @@ public function popupAction(): Response
}

/**
* @Route("/alerts", name="contao_backend_alerts")
* @Route("/alerts", name="contao_backend_alerts", defaults={"_store_referrer" = false})
*/
public function alertsAction(): Response
{
Expand All @@ -183,7 +183,7 @@ public function alertsAction(): Response
* It will determine the current provider URL based on the value, which is usually
* read dynamically via JavaScript.
*
* @Route("/picker", name="contao_backend_picker")
* @Route("/picker", name="contao_backend_picker", defaults={"_store_referrer" = false})
*/
public function pickerAction(Request $request): RedirectResponse
{
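Review bot: None of the changed docblocks in this file says why the action sets `_store_referrer` to `false`, and the opt-out is repeated on each of the ten routes instead of being stated once. Because storing is now the default for the back end scope, an action added to this controller later will have its URL persisted as the referrer unless its author knows to add the same default; for the login, logout and password routes that is worth guarding against explicitly. A sentence in the class docblock such as `Every action except the main back end route opts out of referrer storage via _store_referrer=false.` would record the convention, and a test that iterates the controller's routes and asserts the default would enforce it. The class-level annotation and `mainAction`'s route are outside the visible hunks, so this assumes `mainAction` is the only action meant to store the referrer.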
2 changes: 1 addition & 1 deletion core-bundle/src/Controller/BackendPreviewController.php
Expand Up @@ -27,7 +27,7 @@
* requested front end page while ensuring that the /preview.php entry point is
* used. When requested, the front end user gets authenticated.
*
* @Route(path="%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_allow_preview" = true})
* @Route(path="%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_allow_preview" = true, "_store_referrer" = false})
*/
class BackendPreviewController
{
Expand Up @@ -37,7 +37,7 @@
* b) Provide the member usernames for the datalist
* c) Process the switch action (i.e. log in a specific front end user).
*
* @Route(path="%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_allow_preview" = true})
* @Route(path="%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_allow_preview" = true, "_store_referrer" = false})
*/
class BackendPreviewSwitchController
{
3 changes: 2 additions & 1 deletion core-bundle/src/EventListener/StoreRefererListener.php
Expand Up @@ -92,7 +92,8 @@ private function canModifyBackendSession(Request $request): bool
&& !$request->query->has('token')
&& !$request->query->has('state')
&& 'feRedirect' !== $request->query->get('do')
&& 'contao_backend' === $request->attributes->get('_route')
&& 'backend' === $request->attributes->get('_scope')
&& false !== $request->attributes->get('_store_referrer')
&& !$request->isXmlHttpRequest();
}

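Review bot: The new opt-out `false !== $request->attributes->get('_store_referrer')` fails open, because only the boolean `false` disables storing; a default that reaches the request as the string `"false"` or as `0` (for instance from an untyped XML route default) counts as opted in and the URL is written to the back end session. The same condition list widens the guard from the single `contao_backend` route to every `_scope` backend request, so a missed opt-out now also affects third-party back end routes. Consider `&& $request->attributes->getBoolean('_store_referrer', true)` so that any falsy spelling opts out. Separately, `isXmlHttpRequest()` relies on the `X-Requested-With` header, so back end endpoints called with `fetch()` without that header will pass this check unless they opt out. The body of `canModifyBackendSession()` starts above the hunk.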
2 changes: 2 additions & 0 deletions core-bundle/src/Resources/config/routes.yml
Expand Up @@ -12,6 +12,7 @@ contao_backend_redirect:
defaults:
_scope: backend
_controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController::redirectAction
_store_referrer: false
route: contao_backend
permanent: true

Expand All @@ -20,6 +21,7 @@ contao_backend_fallback:
defaults:
_scope: backend
_controller: Symfony\Bundle\FrameworkBundle\Controller\TemplateController
_store_referrer: false
template: '@ContaoCore\Error\backend.html.twig'
context:
template: '@ContaoCore\Error\backend.html.twig'
Expand Up @@ -240,6 +240,7 @@ public function testDoesNotStoreTheRefererIfTheBackEndSessionCannotBeModified():
$request = new Request();
$request->setSession($session);
$request->attributes->set('_scope', ContaoCoreBundle::SCOPE_BACKEND);
$request->attributes->set('_store_referrer', false);

$listener = $this->getListener($this->createMock(User::class));
$listener($this->getResponseEvent($request));
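Review bot: With `$request->attributes->set('_store_referrer', false);` added, this test passes because of the opt-out alone, and the newly enabled path is not asserted anywhere in the hunk: a `_scope` backend request on a route other than `contao_backend` with no `_store_referrer` attribute. If no other test in the file covers it, add one that expects the referrer to be written to the session. A second case with a non-boolean value such as `'false'` would pin down how the listener's strict comparison treats it. The test method starts above the hunk and its assertions are below it, so existing coverage elsewhere in the file could not be checked.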
Expand Up @@ -30,7 +30,7 @@
use Symfony\Component\Routing\Annotation\Route;

/**
* @Route("%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_token_check" = true})
* @Route("%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_token_check" = true, "_store_referrer" = false})
*
* @internal
*/