U4-11134 - Preview url doesn't redirect to login page when not logged in

Created by Dave Woestenborghs 20 Mar 2018, 09:21:22 Updated by Claus Jensen 22 Mar 2018, 09:29:31

Tags: Unscheduled

Relates to: U4-11090

What did you do? I previewed a page in the browser and copied the url of the preview. If pasted this url in a another browser.

What did you expect to happen? I expected to be redirected to the login page.

What actually happened? I see the navigation of the preview page, but don't see the actual preview (see screenshot)

I discovered this because a client sent me a preview link

Apparently this has been reported earlier, but has been closed due to inactivity : http://issues.umbraco.org/issue/U4-6812

1 Attachments

Comments

Dave Woestenborghs 21 Mar 2018, 08:05:54

Added a very dirty fix in this PR : https://github.com/umbraco/Umbraco-CMS/pull/2526

Is open for discussion.


Shannon Deminick 22 Mar 2018, 08:58:46

in 7.10, preview is handled on the server side, previously this was a public endpoint using a static html page with an iframe. This server side change would just return an unauthorized page, but this update will redirect

PR https://github.com/umbraco/Umbraco-CMS/pull/2532

Testing:

  • log out
  • Go to /umbraco/preview, you will get redirected to the login page
  • log in, go and preview something and it should work
  • Copy the preview url you are looking at into a different browser where you are not logged in and ensure it redirects (to double check)


Claus Jensen 22 Mar 2018, 09:23:18

Confirmed redirects works as described and also confirmed the preview views are still loading as expected through the controller.


Priority: Major

Type: Bug

State: Fixed

Assignee:

Difficulty: Normal

Category: Security

Backwards Compatible: True

Fix Submitted: Pull request

Affected versions: 7.7.0, 7.8.0, 7.7.1, 7.7.2, 7.7.3, 7.7.4, 7.7.5, 7.7.6, 7.7.7, 7.7.8, 7.9.0, 7.7.9, 7.7.10, 7.7.11, 7.8.1, 7.7.12, 7.7.13, 7.9.1, 7.9.2

Due in version: 7.10.0

Sprint: Sprint 81

Story Points: 1

Cycle: 9