Make the @site endpoint public#2022
Open
reebalazs wants to merge 2 commits into
The @site endpoint provides the public bootstrap data a frontend needs before rendering anything (site title, logo, languages, timezone, feature flags). With permission zope2.View it returns 401 for anonymous requests on sites that restrict View on the site root to authenticated users (e.g. intranets), which breaks frontend bootstrapping before login. Register it with zope.Public instead.
@reebalazs thanks for creating this Pull Request and helping to improve Plone! TL;DR: Finish pushing changes, pass all other checks, then paste a comment: To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically. Happy hacking!
Problem
The @site endpoint provides the public bootstrap data a frontend needs before it can render anything: site title, logo, available/default languages, portal timezone, the features dict, and whatever ISiteEndpointExpander adapters contribute.

It is currently registered with permission="zope2.View", checked against the site root. On sites that restrict the View permission on the site root to authenticated users — e.g. intranets such as the ones built with kitconcept.intranet, where a restricted workflow grants View on published content only to Authenticated — anonymous requests to /@site return 401.

This breaks frontend bootstrapping: Volto fetches /@site once at SSR time, typically while the user is still anonymous, and add-ons relying on expander data (e.g. @kitconcept/volto-solr reading collective.solr.active to decide which search UI to render) silently misbehave for the entire session, since the post-login redirect is a client-side route transition that never re-runs SSR.

Real-world manifestation: https://gitlab.kitconcept.io/kitconcept/kitconcept-intranet/-/work_items/127 (after Google login, the old search page shows instead of the Solr one).

Fix

Register the @site service with permission="zope.Public", matching its design contract: it serves only data that is needed before authentication and safe to disclose publicly.

GET /@site returns 200 even when View is revoked from Anonymous on the site root (fails with 401 before the change).

zope2.View mention, added a warning to the expander section that expander data is publicly visible.

Pinging @davisagli as the author of the ISiteEndpointExpander mechanism (#1921).

📚 Documentation preview 📚: https://plonerestapi--2022.org.readthedocs.build/
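The PR's own caveat is that, once /@site is served with zope.Public, everything in the payload, including whatever ISiteEndpointExpander adapters add, is visible to anonymous clients. An operator flipping that permission would want to review the actual payload against the bootstrap fields the endpoint is meant to serve. The script below is an added example, not code from plone.restapi or from this PR: it audits a captured @site response (here a constructed sample; the key names in the allowlist and sample, and the "example.addon" expander data, are assumed for illustration) and reports top-level keys outside the expected bootstrap set plus any leaf whose name or value looks like something that should not be public.

```python
"""Audit a captured @site response before serving it with zope.Public.

Added example, not plone.restapi code. Compares the payload against an
allowlist of bootstrap fields and flags expander output for review.
"""
import json
import re
import sys

# Bootstrap fields the PR describes as the endpoint's public contract
# (title, logo, languages, timezone, feature flags). The key names are
# assumed for this example, not taken from plone.restapi.
BOOTSTRAP_ALLOWLIST = {
    "@id",
    "plone.site_title",
    "plone.site_logo",
    "plone.available_languages",
    "plone.default_language",
    "plone.portal_timezone",
    "features",
}

# Key names that usually mean an expander is publishing something it should not.
SENSITIVE_KEY_RE = re.compile(
    r"secret|token|password|api[_-]?key|credential|private|internal", re.I
)
# String values that look like loopback or RFC 1918 addresses of internal services.
INTERNAL_HOST_RE = re.compile(
    r"^(?:https?://)?(?:localhost|127\.|10\.|192\.168\.|172\.(?:1[6-9]|2\d|3[01])\.)"
)

# Constructed sample response: the allowlisted bootstrap fields plus two
# expander contributions, one of which leaks an internal URL and a token.
SAMPLE_PAYLOAD = {
    "@id": "https://intranet.example/@site",
    "plone.site_title": "Example Intranet",
    "plone.site_logo": None,
    "plone.available_languages": ["en", "de"],
    "plone.default_language": "en",
    "plone.portal_timezone": "Europe/Berlin",
    "features": {"multilingual": False},
    "collective.solr.active": True,
    "example.addon": {
        "solr_url": "http://10.0.0.5:8983/solr",
        "api_token": "PLACEHOLDER-NOT-A-REAL-TOKEN",
    },
}


def _walk(value, path=""):
    """Yield (dotted_path, leaf) for every leaf in a nested JSON value."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from _walk(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from _walk(item, f"{path}[{index}]")
    else:
        yield path, value


def audit_site_payload(payload, allowlist=BOOTSTRAP_ALLOWLIST):
    """Return {'unexpected': [...], 'suspicious': [(path, reason), ...]}.

    'unexpected' lists top-level keys outside the allowlist (i.e. expander
    output); 'suspicious' lists leaves under those keys whose name matches
    SENSITIVE_KEY_RE or whose value matches INTERNAL_HOST_RE.
    """
    unexpected = sorted(key for key in payload if key not in allowlist)
    suspicious = []
    for path, leaf in _walk({key: payload[key] for key in unexpected}):
        last_segment = path.rsplit(".", 1)[-1]
        if SENSITIVE_KEY_RE.search(last_segment):
            suspicious.append((path, "key name looks sensitive"))
        elif isinstance(leaf, str) and INTERNAL_HOST_RE.match(leaf):
            suspicious.append((path, "value looks like an internal address"))
    return {"unexpected": unexpected, "suspicious": suspicious}


def main(argv):
    """Audit a JSON file given on the command line, or the built-in sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as handle:
            payload = json.load(handle)
    else:
        payload = SAMPLE_PAYLOAD
    report = audit_site_payload(payload)
    print(json.dumps(report, indent=2))
    # Non-zero exit so the check can gate a deployment pipeline.
    return 1 if report["suspicious"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a saved response (for example the output of an anonymous GET of /@site written to a file) to get a list of expander keys to review; the "unexpected" list is the part worth reading in full, since the regex heuristics only catch obvious names and addresses.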