Theme negotiation API fails for anonymous users during ajax requests

Created on 22 February 2022, about 3 years ago
Updated 24 September 2024, 7 months ago

Problem/Motivation

Theme negotiation fails during ajax requests for anonymous users (e.g. views exposed filters with ajax enabled).

Steps to reproduce

  • Create a view with exposed filters that displays results as a rendered entity and enable ajax.
  • Create a custom theme negotiator that changes the theme to something other than default for the current view.
  • On initial page load the correct negotiated theme is loaded, but after filtering results the default theme is loaded.

Proposed resolution

AjaxBasePageNegotiator::determineActiveTheme() attempts to validate the theme_token passed as part of the ajax request. This validation will always fail for anonymous users because they don't have an active session.

Remove the CSRF token validation altogether.

- OR -

Add an additional check to only execute the CSRF validation if the current user is authenticated.

🐛 Bug report
Status

Active

Version

11.0 🔥

Component

theme system

Created by

🇺🇸United States j.cowher
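
A site-level workaround that leaves core's theme_token check in place, as an added example (not code from the issue or from Drupal core): the custom negotiator from the steps to reproduce also claims the Views ajax request and picks the theme from fixed server-side values, so nothing depends on the client-supplied theme. The module namespace, view id, display id and theme name are hypothetical; the `views.ajax` route name and the `view_name` / `view_display_id` request parameters are assumed to match core's Views ajax endpoint.

```php
<?php

namespace Drupal\example_theme_switch\Theme;

use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Theme\ThemeNegotiatorInterface;
use Symfony\Component\HttpFoundation\RequestStack;

/**
 * Selects the theme for one view on its page route and on its ajax refresh.
 *
 * Register as a service tagged "theme_negotiator" with a priority higher than
 * core's ajax base page negotiator, so this class is consulted first.
 */
class ViewThemeNegotiator implements ThemeNegotiatorInterface {

  // Hypothetical values: replace with the real view, display and theme.
  const VIEW_ID = 'example_listing';
  const DISPLAY_ID = 'page_1';
  const THEME = 'example_alt_theme';

  public function __construct(protected RequestStack $requestStack) {}

  public function applies(RouteMatchInterface $route_match) {
    $route = $route_match->getRouteName();
    // Initial page load: the view's own page route.
    if ($route === 'view.' . self::VIEW_ID . '.' . self::DISPLAY_ID) {
      return TRUE;
    }
    if ($route !== 'views.ajax') {
      return FALSE;
    }
    // Ajax refresh: request data is only compared against the constants
    // above and never used as the theme name itself.
    $request = $this->requestStack->getCurrentRequest();
    $view = $request->request->get('view_name') ?? $request->query->get('view_name');
    $display = $request->request->get('view_display_id') ?? $request->query->get('view_display_id');
    return $view === self::VIEW_ID && $display === self::DISPLAY_ID;
  }

  public function determineActiveTheme(RouteMatchInterface $route_match) {
    // The theme is fixed server-side, so no theme_token is needed and
    // anonymous users without a session get the same result.
    return self::THEME;
  }

}
```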
