Contrib.social

Webform 'remote_post' handler doesn't exclude fields without access

Open on Drupal.org →
Created on 24 May 2024, 6 months ago

Problem/Motivation

Webform elements without any access '#access': false are always added to the (GET) request of the Webform 'remote_post' handler. This could possibly lead to an invalid request.

Steps to reproduce

  • Create a Webform and add some regular elements and some elements without access '#access': false
  • Add a remote_post handler to execute a (GET) request
  • Note: elements without access are not shown in the 'excluded_data' settings of the handler and thus cannot be selected for exclusion.
  • Submit the Webform and inspect the request that has been sent.

Proposed resolution

- Allow elements without access to be selected in the 'excluded_data' configuration by including them in the configuration form. The 'excluded_data' only provides elements with the 'view' operation as an option to be selected ($webform->getElementsInitializedFlattenedAndHasValue('view')).

- Add a new option to '(always) Exclude fields without access'. Add a checkbox to the configuration of the handler. If checked, always exclude all elements without access from the request data.
I'm aware that excluding all elements without access may not be the best option as they are sometimes useful to be forwarded to the endpoint.

Remaining tasks

Share your opinion on this issue.

User interface changes

Possibly an extra field (checkbox) in the configuration of the 'remote_post' Webform handler.

🐛 Bug report
Status

Needs review

Version

6.2

Component

Code

Created by

🇧🇪Belgium arno_vgh Antwerp

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024