-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MC-30171: Add to Cart Form wrong Form Key in FPC #30961
Conversation
Hi @engcom-Golf. Thank you for your contribution
❗ Automated tests can be triggered manually with an appropriate comment:
You can find more information about the builds here ℹ️ Please run only needed test builds instead of all when developing. Please run all test builds before sending your PR for review. For more details, please, review the Magento Contributor Guide documentation. 🕙 You can find the schedule on the Magento Community Calendar page. 📞 The triage of Pull Requests happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket. 🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel ✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel |
@magento run all tests |
|
||
use Magento\Framework\View\Helper\SecureHtmlRenderer; | ||
|
||
$scriptString = <<<HTML |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
his is not HTML, should be <<<JS probably.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should be <<<script
and close with script;
function setFormKeyCookie(value) { | ||
var expires, | ||
secure, | ||
date = new Date(), | ||
isSecure = !!window.cookiesConfig && window.cookiesConfig.secure; | ||
date.setTime(date.getTime() + 86400000); | ||
expires = '; expires=' + date.toUTCString(); | ||
secure = isSecure ? '; secure' : ''; | ||
|
||
document.cookie = 'form_key=' + (value || '') + expires + secure + '; path=/'; | ||
} | ||
function getFormKeyCookie() { | ||
var nameEQ = 'form_key=', | ||
cookieArr = document.cookie.split(';'); | ||
for (var i = 0; i < cookieArr.length; i++) { | ||
var cookie = cookieArr[i]; | ||
while(cookie.charAt(0) == ' ') { | ||
cookie = cookie.substring(1, cookie.length); | ||
}; | ||
if (cookie.indexOf(nameEQ) == 0) { | ||
return cookie.substring(nameEQ.length, cookie.length); | ||
}; | ||
} | ||
return null; | ||
} | ||
function generateCookieString() { | ||
var result = '', | ||
length = 16; | ||
chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; | ||
while (length--) { | ||
result += chars[Math.round(Math.random() * (chars.length - 1))]; | ||
} | ||
return result; | ||
} | ||
var formKey = getFormKeyCookie(); | ||
if (!formKey) { | ||
formKey = generateCookieString(); | ||
setFormKeyCookie(formKey); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Could you not expose all these functions to the global scope, but only the needed (window.formKey)?
- As this code will be added to all pages - maybe it's better to include it as external JS file, so it will be at least cached between the pages OR maybe we can minify it for production mode?
@magento run Functional Tests B2B, Functional Tests CE, Functional Tests EE, Integration Tests |
@magento run all tests |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you fix one small issue and squash your changes to single commit?
<body> | ||
<referenceBlock name="head.components"> | ||
<block class="Magento\Framework\View\Element\Js\Components" name="pagecache_page_head_components" template="Magento_PageCache::js/components.phtml"/> | ||
</referenceBlock> | ||
<referenceBlock name="head.additional"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like this block could be removed. Could you do that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure thing. accidentally missed it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
moved logic from head to head.additional block to load asynchronously, won't remove
e2248a3
to
6f68dc5
Compare
@magento run all tests |
Hi @ihor-sviziev, thank you for the review. |
@magento import code to https://github.com/magento-tsg/magento2ce |
@engcom-Kilo the branch with code successfully imported into |
✔️ QA Passed The result is the same like in the comment above #30961 (comment) |
# Conflicts: # app/code/Magento/Checkout/Test/Mftf/Test/StoreFrontFreeShippingRecalculationAfterCouponCodeAddedTest.xml
@magento run all tests |
@magento import code to https://github.com/magento-tsg/magento2ce |
@zakdma the branch with code successfully imported into |
Hi @engcom-Golf, thank you for your contribution! |
Description (*)
Fixes behavior of late form key update by js script. The product could be added to the cart with a cached form_key value that causes an exception.
Related Pull Requests
Fixed Issues (if relevant)
Manual testing scenarios (*)
Expected result:
form_key is the same as in step 4. It is a cached value
Expected result:
Form key value differs from the value on steps 4 and 6
Correct form key value is loaded instantly when the element is rendered
Questions or comments
Script logic in inline_form_key_provider.phtml can not be covered by any kind of automated tests. Just only manual testing.
Contribution checklist (*)