Cached ImmutableTrustedRedirectResponse breaks private files

Created on 19 August 2022, over 2 years ago
Updated 25 January 2023, almost 2 years ago

Problem/Motivation

Redirect to user login in AccessDeniedSubscriber is cached for all users. This breaks viewing private files when a user without permission to view private files views a private file.

Steps to reproduce

  1. Install module.
  2. Submit webform with file field (file stored in private folder).
  3. Anonymous user has no permission to view private files.
  4. Visit private file from webform submission as anonymous user. You will be redirected to user login; this redirect is cached.
  5. Visit private file as authenticated user (with permission to view private files). The authenticated user is also redirected to user login, which results in a redirect loop.

Proposed resolution

Add user roles cache context to redirect response.

🐛 Bug report

Status: Fixed
Version: 2.0
Component: Code
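
A sketch of the proposed resolution using Drupal core's cache API, added here as an example; it is not the module's own code. The module namespace, class name and subscriber priority are hypothetical, and the response class is core's TrustedRedirectResponse.

```php
<?php

// Hypothetical module and class names, used for illustration only.
namespace Drupal\example_module\EventSubscriber;

use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Routing\TrustedRedirectResponse;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ExceptionEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\KernelEvents;

class ExampleAccessDeniedSubscriber implements EventSubscriberInterface {

  protected AccountInterface $currentUser;

  public function __construct(AccountInterface $current_user) {
    $this->currentUser = $current_user;
  }

  public static function getSubscribedEvents(): array {
    // Priority 50 is an assumed value for this sketch.
    return [KernelEvents::EXCEPTION => ['onAccessDenied', 50]];
  }

  public function onAccessDenied(ExceptionEvent $event): void {
    // Only anonymous 403s are sent to the login form.
    if (!$event->getThrowable() instanceof AccessDeniedHttpException
      || !$this->currentUser->isAnonymous()) {
      return;
    }
    // toString(TRUE) returns a GeneratedUrl carrying its own cache metadata.
    $login = Url::fromRoute('user.login', [], ['absolute' => TRUE])->toString(TRUE);
    $response = new TrustedRedirectResponse($login->getGeneratedUrl());
    $response->addCacheableDependency($login);
    // The decision above depends on who is asking, so the cached copy must
    // vary by role; without this context one cached redirect is replayed to
    // every user, including those allowed to view the private file.
    $response->addCacheableDependency(
      (new CacheableMetadata())->setCacheContexts(['user.roles'])
    );
    $event->setResponse($response);
  }

}
```

To check the behaviour, repeat steps 4 and 5 above after a cache rebuild: the anonymous request should still be redirected, and the authenticated request should receive the file.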
