Contrib.social

Cache contexts used are not compatible with dynamic cache context

Open on Drupal.org →
Created on 27 May 2024, 11 months ago
Updated 7 June 2024, 10 months ago

Problem/Motivation

Currently, when node authlink is being used, the page response is returning the header 'X-Drupal-Dynamic-Cache: UNCACHEABLE'. This is happening because node_authlink is caching the access per user: https://git.drupalcode.org/project/node_authlink/-/blob/8.x-1.x/src/Acce...

The reason why it happens is that Auto-placeholdering , with default configuration, is marking the dynamic cache as uncacheable when there are a user cache context.

Steps to reproduce

1. Install and configure node authlink
2. Ensure renderer.config auto_placeholder_conditions are configured by default:

  renderer.config:
    auto_placeholder_conditions:
      max-age: 0
      contexts: ['session', 'user']
      tags: []

Proposed resolution

Cache access per URL, so when the node authlink URL is set the access is calculated again.

🐛 Bug report
Status

Needs review

Version

2.0

Component

Code

Created by

🇪🇸Spain omarlopesino

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @omarlopesino
  • Merge request !12Issue #3450094: Cache contexts used are not compatible with dynamic cache context → (Open) created by omarlopesino
  • Pipeline finished with Success
    11 months ago
    Total: 206s
    #183280
  • Status changed to Needs review 11 months ago
  • Comment 11 months ago
    🇪🇸Spain omarlopesino

    I've just created a MR using URL cache contexts. I've tested manually and node Authlink works as usual:

    - The Authlink URL only works on the proper URL.
    - When the Authlink is removed, if I try to enter the Authlink URL on a browser without session, I get an access denied.

    Please review, thanks!

  • Comment 11 months ago
    🇪🇸Spain omarlopesino

    I would like to propose adding tests to the module. This issue affects the node access and having tests may prevent regressions or future security issues.

  • Assigned to tunic
  • Comment 11 months ago
    🇪🇸Spain tunic Madrid

    I'm wondering if the module should enable caching.

    I mean, the module decorates the EntityAccessCheck but that class does not add any caching information. And given that NodeAuthlink always adds caching information on any AccessResult it means any URL that calls the entity check access uses the cache info added by the module.

    I think this may be too drastic. So I think the caching info should only be added for URLs handled by the module or even remove it completely. Anybody that has the URL should be able to access, so no need to cache by user.

    Ill try add some automated tests to be sure which approach is the good one.

  • Comment 11 months ago
    🇪🇸Spain tunic Madrid
  • Pipeline finished with Success
    10 months ago
    Total: 169s
    #193528
  • Comment 10 months ago
    🇪🇸Spain omarlopesino

    I've updated the patch to not use access contexts. In my tests, the module behaves as usual. Pending to review with the tests that will be added at https://www.drupal.org/project/node_authlink/issues/3450411 📌 Add automated tests Active

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024