Always store referrer for backend _scope

contao · May 18, 2024 · cadf65a · cadf65a
1 parent 5c6558a
commit cadf65a
Show file tree

Hide file tree

Showing 7 changed files with 10 additions and 6 deletions.
diff --git a/core-bundle/src/Controller/BackendController.php b/core-bundle/src/Controller/BackendController.php
@@ -31,14 +31,14 @@
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * @Route(path="%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_token_check" = true})
+ * @Route(path="%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_token_check" = true, "_store_referrer" = false})
  *
  * @internal
  */
 class BackendController extends AbstractController
 {
     /**
-     * @Route("", name="contao_backend")
+     * @Route("", name="contao_backend", defaults={"_store_referrer" = true})
      */
     public function mainAction(): Response
     {

diff --git a/core-bundle/src/Controller/BackendPreviewController.php b/core-bundle/src/Controller/BackendPreviewController.php
@@ -27,7 +27,7 @@
  * requested front end page while ensuring that the /preview.php entry point is
  * used. When requested, the front end user gets authenticated.
  *
- * @Route(path="%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_allow_preview" = true})
+ * @Route(path="%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_allow_preview" = true, "_store_referrer" = false})
  */
 class BackendPreviewController
 {

diff --git a/core-bundle/src/Controller/BackendPreviewSwitchController.php b/core-bundle/src/Controller/BackendPreviewSwitchController.php
@@ -37,7 +37,7 @@
  * b) Provide the member usernames for the datalist
  * c) Process the switch action (i.e. log in a specific front end user).
  *
- * @Route(path="%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_allow_preview" = true})
+ * @Route(path="%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_allow_preview" = true, "_store_referrer" = false})
  */
 class BackendPreviewSwitchController
 {

diff --git a/core-bundle/src/EventListener/StoreRefererListener.php b/core-bundle/src/EventListener/StoreRefererListener.php
@@ -92,7 +92,8 @@ private function canModifyBackendSession(Request $request): bool
             && !$request->query->has('token')
             && !$request->query->has('state')
             && 'feRedirect' !== $request->query->get('do')
-            && 'contao_backend' === $request->attributes->get('_route')
+            && 'backend' === $request->attributes->get('_scope')
+            && false !== $request->attributes->get('_store_referrer')
             && !$request->isXmlHttpRequest();
     }
 

diff --git a/core-bundle/src/Resources/config/routes.yml b/core-bundle/src/Resources/config/routes.yml
@@ -12,6 +12,7 @@ contao_backend_redirect:
     defaults:
         _scope: backend
         _controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController::redirectAction
+        _store_referrer: false
         route: contao_backend
         permanent: true
 
@@ -20,6 +21,7 @@ contao_backend_fallback:
     defaults:
         _scope: backend
         _controller: Symfony\Bundle\FrameworkBundle\Controller\TemplateController
+        _store_referrer: false
         template: '@ContaoCore\Error\backend.html.twig'
         context:
             template: '@ContaoCore\Error\backend.html.twig'

diff --git a/core-bundle/tests/EventListener/StoreRefererListenerTest.php b/core-bundle/tests/EventListener/StoreRefererListenerTest.php
@@ -240,6 +240,7 @@ public function testDoesNotStoreTheRefererIfTheBackEndSessionCannotBeModified():
         $request = new Request();
         $request->setSession($session);
         $request->attributes->set('_scope', ContaoCoreBundle::SCOPE_BACKEND);
+        $request->attributes->set('_store_referrer', false);
 
         $listener = $this->getListener($this->createMock(User::class));
         $listener($this->getResponseEvent($request));

diff --git a/installation-bundle/src/Controller/InstallationController.php b/installation-bundle/src/Controller/InstallationController.php
@@ -30,7 +30,7 @@
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * @Route("%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_token_check" = true})
+ * @Route("%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_token_check" = true, "_store_referrer" = false})
  *
  * @internal
  */