Contrib.social

Toolbar causes a Javascript error if the subtrees content changes between page loads

Open on Drupal.org →
Created on 19 November 2023, about 1 year ago
Updated 20 March 2024, 9 months ago

Problem/Motivation

The toolbar subtrees use a hash to determine if access to the subtree should be allowed in ToolbarController::checkSubTreeAccess(). In certain situations the hash does not match, resulting in a JavaScript error and the subtrees not dynamically loading.

Steps to reproduce

  1. Set the admin menu in vertical mode.
  2. Make sure to have a site with 2 languages.
  3. Enable the Account administration pages on Language negotiation > Detection and selection
  4. Set the default language to something non-english
  5. Set an admin language in your user profile other than the default site language (e.g. english).
  6. Go to a content page in your content language
  7. Refresh the cache (I did this from the content page with devel module)
  8. Navigate to an admin page
  9. Observe that the toolbar submenu toggles are not shown and there is a JavaScript error

Temporarily commenting out the hash check from ToolbarController::checkSubTreeAccess() makes the toggles appear again.

Proposed resolution

The hash is calculated from the rendered subtrees, but if the rendered content changes (assumably because the labels are suddenly in another language), the hash no longer matches with the sent one and the access check fails.

I am not entirely sure why the hash is even there, so perhaps this can be added in a comment?

Perhaps create a hash from something that is not language/content dependent (before rendering)?

Remaining tasks

TBD

User interface changes

Hopefully none

API changes

Probably none

Data model changes

Release notes snippet

🐛 Bug report
Status

Closed: duplicate

Version

11.0 🔥

Component
Toolbar 

Last updated 28 days ago

  • Maintained by
  • 🇫🇷France @nod_
Created by

🇳🇱Netherlands neograph734 Netherlands

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @neograph734
  • Comment about 1 year ago
    🇳🇱Netherlands neograph734 Netherlands
  • Comment about 1 year ago
    🇳🇱Netherlands neograph734 Netherlands
  • Comment about 1 year ago
    🇸🇬Singapore huijing

    I have a similar error but not the same use-case. I have this problem with my custom theme when the user is logged in (and can thus view the admin toolbar), but not on an /admin path and thus not using the admin theme. 

    Failed to load resource: the server responded with a status of 403 (Forbidden)
/toolbar/subtrees/tIVl5ln58vFEmCyPTSLbaD9Di9ea7IePkVcscAbCu20?_wrapper_format=drupal_ajax

    The error log looks like this:

    Type	access denied
Date	Tuesday, November 28, 2023 - 11:32
User	superadmin
Location	http://localhost/toolbar/subtrees/tIVl5ln58vFEmCyPTSLbaD9Di9ea7IePkVcscAbCu20?_wrapper_format=drupal_ajax
Referrer	http://localhost/
Message	Path: /toolbar/subtrees/tIVl5ln58vFEmCyPTSLbaD9Di9ea7IePkVcscAbCu20?_wrapper_format=drupal_ajax. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 118 of /web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).
Severity	Warning
Hostname	127.0.0.1
  • Comment 12 months ago
    🇩🇰Denmark kasperg

    I am experiencing the same issue as originally reported.

    The consequences of this situation are now hitting administrative users due to a change in Drupal 10.1 where JavaScript errors are now shown in the UI .

  • Comment 12 months ago
    🇩🇰Denmark kasperg

    I have created an issue fork which provides a temporary workaround for avoiding the visible UI error.

    Instead of checking for hash equality in the access check it is moved to the controller.

    Since this is a workaround instead of a fix I have not created a merge request.

  • Status changed to Needs review 9 months ago
  • Comment 9 months ago
    🇮🇳India zeeshan_khan

    Created patch for the issue.

  • Status changed to Postponed: needs info 9 months ago
  • Comment 9 months ago
    🇺🇸United States smustgrave

    Appears same patch was uploaded on 🐛 Faulty Toolbar Subtree Hash Needs work

    This should be closed as a duplicate if it's fixed in another.

  • Status changed to Closed: duplicate 9 months ago
  • Comment 9 months ago
    🇳🇱Netherlands neograph734 Netherlands

    Thanks @smustgrave, that does indeed look like a duplicate. And I suppose the root cause analyses there also makes more sense.

    The recent patch looks like the hotfix from #6, but I am not convinced of that. I think the initial solution direction of 🐛 Faulty Toolbar Subtree Hash Needs work is a lot better.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024