Contrib.social

Previews fails if user is not logged into the frontend

Open on Drupal.org →
Created on 13 November 2024, 5 months ago

Problem

Since we moved to a separate frontend login by default, we created a new problem: A user who is only logged into the backend, but not the frontend, would have not permission to access the preview routes in the frontend.

Mitigation: Log into the frontend, then the preview works as usual.

Steps to reproduce

Use gitpod. Do not log into the frontend. Edit content, press preview.

🐛 Bug report
Status

Active

Version

1.0

Component

Code

Created by

🇦🇹Austria fago Vienna

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @fago
  • Comment 5 months ago
    🇦🇹Austria fago Vienna
  • Comment 4 months ago
    🇦🇹Austria fago Vienna

    The LupusCSR theme solution adds quite some additional complexity, since it is requiring both the theme and a nuxt server to be there and working.

    Let's explore other options to find somehing simpler:

    Option A) Use client-side rendering for preview routes and directly access the backend API, so he cookie is sent. Needs the working CORS setup and might face some problems with privacy-aware browsers not sending the cookie to a 3rd party cookie domain

    Option B) add a drupal /proxy/, which proxies the frontend SSR and displays the frontend under the backend domain. This needs some JS/CSS rewriting for the new base URL so they are loaded from an absolute path..

    Optiona A would be probably the simplest, since it is re-using things which are already exising, the CORS submodule and CSR feature of nuxt. Let's give it some test with latest browsers. With chrome not killing 3rd party cookies this might be good enough.

  • Comment 4 months ago
    🇦🇹Austria fago Vienna

    Test of option A was quite positiv, tested both latest firefox and chrome, with default privcacy options (firefox) enabled + an active adblocker. No problems a all, when nuxt ssr is set to false, CSR kicks in and the preview works just fine.

    Thus, option A is viable! We need to make sure the frontend applies CSR and disables the server-proxy for the preview routes so the API communication happens direct. We can set some custom route-rule for CSR, for the disabling of the server-proxy we miss he per route option. So this might need some work in nuxtjs-drupal-ce to make it work.

  • Status changed to Needs review 3 months ago
  • Comment 3 months ago
    🇦🇹Austria fago Vienna

    ok, this is completed and ready to be tested. Here is the change with the update, which shall fix this.
    https://github.com/drunomics/lupus-decoupled-nuxt3-demo/pull/68

  • Comment 3 months ago
    🇦🇹Austria fago Vienna

    ok, finally got it to run. test results:
    node/preview/* route failed, the route is wrongly at /preview/* at the moment. after fixing this it works.
    node/1/layout-preview seems to work fine

    created fix at https://github.com/drunomics/nuxtjs-drupal-ce/pull/304 and testing this now.

  • Comment 3 months ago
    🇦🇹Austria fago Vienna

    Works now! Thus, merged the update to the naked-demo :-)

  • Comment 2 months ago
    System Message

    Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024