fix(next): prevent locale upsert when not authenticated (#13621)

rilrom · PatrikKozak · web-flow · commit ece5a95f6473 · 2025-10-02T13:26:01.000-07:00
### What? When `?locale=` is present in an admin panel URL and that admin panel URL is visited in an unauthenticated browser, a runtime error is thrown. ### Why? `upsertPreferences` relies on `req.user` to successfully create a new `payload-preferences` document. When an unauthenticated user visits a URL with a `locale` parameter, `upsertPreferences` is called but `req.user` is not available. ### How? Prevent `upsertPreferences` from being called when `req.user` is not available. Fixes #13581 Co-authored-by: Patrik Kozak <35232443+PatrikKozak@users.noreply.github.com>
diff --git a/packages/next/src/utilities/getRequestLocale.ts b/packages/next/src/utilities/getRequestLocale.ts
@@ -13,7 +13,7 @@ export async function getRequestLocale({ req }: GetRequestLocalesArgs): Promise<
   if (req.payload.config.localization) {
     const localeFromParams = req.query.locale as string | undefined
 
-    if (localeFromParams) {
+    if (req.user && localeFromParams) {
       await upsertPreferences<Locale['code']>({ key: 'locale', req, value: localeFromParams })
     }
 

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ export async function getRequestLocale({ req }: GetRequestLocalesArgs): Promise<`
`13`	`13`	`if (req.payload.config.localization) {`
`14`	`14`	`const localeFromParams = req.query.locale as string \| undefined`
`15`	`15`
`16`		`- if (localeFromParams) {`
	`16`	`+ if (req.user && localeFromParams) {`
`17`	`17`	`await upsertPreferences<Locale['code']>({ key: 'locale', req, value: localeFromParams })`
`18`	`18`	`}`
`19`	`19`