Authenticated user faces infinite redirect when accessing restricted admin routes via URL Access Control module

Created on 26 April 2025, 11 days ago

Description
When an authenticated user tries to access an admin route that has been added to the URL Access Control module’s restricted URLs list, the site encounters an infinite redirect loop, resulting in an `ERR_TOO_MANY_REDIRECTS` browser error.

This happens because the access restriction logic redirects users to the 403 page, but the check does not account for authenticated users or prevent repeated redirects properly.

The expectation is that restricted admin URLs should either display the 403 Access Denied page or redirect cleanly without causing a redirect loop, even for authenticated users.

Steps to Replicate

1. Install and enable the **URL Access Control** module.
2. Add an **admin route** (e.g., `/admin/people`) to the restricted URLs list in the module's configuration.
3. Ensure you are **logged in as an authenticated user** (who does not have special admin permissions).
4. Directly visit the restricted admin URL in the browser.
5. Observe that the page keeps redirecting repeatedly until the browser shows:
`This page isn’t working — ERR_TOO_MANY_REDIRECTS`.

Expected Behavior
Authenticated users without the right permissions should be cleanly redirected to the 403 Access Denied page or shown an access denied message — without causing infinite redirects.

Actual Behavior
Authenticated users are trapped in an infinite redirect loop between the restricted URL and the 403 page, causing the browser to block the page with a redirect error.

🐛 Bug report
Status: Active

Version: 1.0

Component: User interface
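
One way to get the expected behaviour described in this report, as an added example that is not the URL Access Control module's own code: a request subscriber that raises the 403 in place instead of issuing a redirect, so there is no second request to be checked again. It assumes Drupal 10 or later; the module name `example_url_guard`, its `restricted_paths` setting and the `bypass example url guard` permission are hypothetical.

```php
<?php

namespace Drupal\example_url_guard\EventSubscriber;

use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Path\PathMatcherInterface;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\KernelEvents;

// Register in example_url_guard.services.yml with the "event_subscriber" tag.
class RestrictedPathSubscriber implements EventSubscriberInterface {

  public function __construct(
    protected ConfigFactoryInterface $configFactory,
    protected PathMatcherInterface $pathMatcher,
    protected AccountInterface $currentUser,
  ) {}

  public static function getSubscribedEvents(): array {
    // Core authenticates at priority 300; run later so the user is known.
    return [KernelEvents::REQUEST => ['onRequest', 30]];
  }

  public function onRequest(RequestEvent $event): void {
    // Drupal renders its 403 page as a subrequest. Skipping subrequests
    // means the denial page itself is never denied again.
    if (!$event->isMainRequest()) {
      return;
    }
    // Hypothetical setting: one path pattern per line, e.g. "/admin/people".
    $patterns = (string) $this->configFactory
      ->get('example_url_guard.settings')->get('restricted_paths');
    $path = $event->getRequest()->getPathInfo();
    if ($patterns === '' || !$this->pathMatcher->matchPath($path, $patterns)) {
      return;
    }
    // Hypothetical permission for roles allowed through.
    if ($this->currentUser->hasPermission('bypass example url guard')) {
      return;
    }
    // No RedirectResponse: the exception makes core answer this same request
    // with status 403, for anonymous and authenticated users alike.
    throw new AccessDeniedHttpException();
  }

}
```

Because the denial is returned as the response to the requested URL, the browser receives no `Location` header to follow.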
