- ๐บ๐ธUnited States brad.bulger
I believe that in most of the cases where this error shows up in my logs, the client has made a GET request to /contextual/render. It looks like bots that are monitoring all the URLs accessed by a page request and trying to hit all of them. So they make a normal request to some page on the site, which triggers an ajax event that does a POST to /contextual/render, and somehow they see that URL and try to follow it.
I think it would be preferable to just silently fail in that case, versus the BadRequestHttpException. I certainly get a ton of these errors and they're effectively meaningless.
- Status changed to Active
24 days ago 7:29pm 10 July 2025 - ๐บ๐ธUnited States brad.bulger
It is trivially easy to generate this error in one way - do a GET request of /contextual/render. But the question is, I suppose, is that a bug?
If people are getting this error from a normal context, the contextual links for an element on a webpage, that's likely a different problem. My only suggestion would be to add code to where the exception is being thrown - Drupal\\contextual\\ContextualController::render() for me - that writes the current request out to the error log.
- ๐ณ๐ฟNew Zealand quietone
Drupal 9 is EOL. Does this happen on a supported version of Drupal?
- ๐บ๐ธUnited States brad.bulger
Yes, of course.
I tried building an 11.x example at simplytest.me and the status came up as "This version of Drupal is no longer supported"?? The 11.2.x build comes up in 11.2.3-dev. These are all limitations of simplytest.me.
Just spin up a core Drupal instance there and log in as admin/admin, then go to the path /contextual/render in the browser - eg
https://master-yegb7y4mz13n4rdqlxwabk2v5vqfrni6.tugboatqa.com/contextual...What I see is a white screen with "No contextual ids specified." In the error log, this is the error:
Type client error
Date Friday, 11 July 2025 - 17:00
User admin
Location https://master-yegb7y4mz13n4rdqlxwabk2v5vqfrni6.tugboatqa.com/contextual...
Referrer
Message Symfony\Component\HttpKernel\Exception\BadRequestHttpException: No contextual ids specified. in Drupal\contextual\ContextualController->render() (line 66 of /var/lib/tugboat/stm/web/core/modules/contextual/src/ContextualController.php).
Severity WarningNone of this is anything other than what you would expect it to do, I don't think. As I said, the question is, is this a bug? Should it be failing like this in this circumstance?
If people are seeing normal valid AJAX POST requests to /contextual/render that have no ids, that's a different problem. So far I don't have evidence of that but it's tricky to separate the two cases.
I am connecting the issue that added this behavior.
It's intentional that requests to
/contextual/renderwith no IDs results in this responseโof course Drupal does so and it is tested to be true. As far as I know these requests are always invalid and are always client error. A 400 response is appropriate. In additiontokensis also required and produces a 400 too.I agree we would have to understand if there are what people think are valid requests to
/contextual/renderfailing in 2025.To be a bug we need steps to reproduce involving valid contextual link setups that experience this behavior. I don't think there are any because Drupal has been configured for a long time to reject these requests.
To change the behavior is a different matter. In my opinion we should not. A web application firewall or web server configuration can block these bad requests to avoid them ever getting to Drupal.
So @brad.bulger, I pretty much agree with you and I think this should be closed as not having steps to reproduce.