Response Cached When accessing Status Dashboard Client with incorrect credentials

Created on 16 December 2024, 6 days ago

Problem/Motivation

When accessing the status dashboard with incorrect credentials, the 403 response is cached. Subsequent attempts with correct credentials also result in a 403 response because the cached response is served.

Steps to reproduce

1. Ensure caching is enabled in the Drupal site configuration.
2. Access the status dashboard using incorrect credentials (e.g., invalid API key or user credentials).
3. Observe that the response is a 403 Forbidden.
4. Update the request to use correct credentials.
5. Access the status dashboard again.
6. Observe that the response is still 403 Forbidden, even though the credentials are now valid.

Proposed resolution

Disable caching for the status dashboard route or endpoint access control.
AccessResult::allowedIf($request->headers->get('x-dashboard-secret') === $secret)->setCacheMaxAge(0);

🐛 Bug report
Status

Active

Version

2.0

Component

Code

Created by

🇧🇾Belarus w.drupal
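
The proposed resolution written out as a complete route access check. This is an added example, not the module's own code: the namespace, the class name and the `example_dashboard.settings` config object with its `secret` key are hypothetical, and it assumes the class is registered as an access check service for the dashboard route. `hash_equals()` is used here in place of the `===` shown in the issue so that the comparison is constant-time.

```php
<?php

namespace Drupal\example_dashboard\Access;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Routing\Access\AccessInterface;
use Symfony\Component\HttpFoundation\Request;

/**
 * Hypothetical access check for a route guarded by a shared-secret header.
 */
class DashboardSecretAccessCheck implements AccessInterface {

  public function __construct(protected ConfigFactoryInterface $configFactory) {}

  /**
   * Grants access only when the request header matches the stored secret.
   */
  public function access(Request $request) {
    // Hypothetical config object and key holding the shared secret.
    $config = $this->configFactory->get('example_dashboard.settings');
    $secret = (string) $config->get('secret');

    // A missing header becomes an empty string rather than NULL.
    $supplied = (string) $request->headers->get('x-dashboard-secret', '');

    // An unset secret must never match an absent or empty header.
    $matches = $secret !== '' && hash_equals($secret, $supplied);

    // The outcome depends on a per-request header, so it is marked
    // uncacheable: a denial computed for one request is not reused for
    // the next request that carries valid credentials.
    return AccessResult::allowedIf($matches)
      ->setCacheMaxAge(0)
      // Carry the config object's cacheability metadata on the result.
      ->addCacheableDependency($config);
  }

}
```

When the header does not match, `allowedIf()` returns a neutral result, which the routing system treats as access denied.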
