Alias starting with contao doesn't work in 4.5

[m-knorr]

If you create a page with a title that contains contao as first string, the generated alias is correct. But you can't reach the page in the frontend.

Tested this behaviour in 4.5 where it doesn't work. Direct redirect to the root Url.

In 4.4 it works as expected.

Example Title was Contao Demo an the alias corresponding to that contao-demo

[xchs]

I can confirm the issue, too.

In Contao 4.6.x-dev I get an Error 401 Unauthorized when page contao-demo.html is requested.:

Oops! An Error Occurred
The server returned a "401 Unauthorized".
Something is broken. Please let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused.

[leofeyer]

@contao/developers To fix this, we have to adjust the access_control path regex.

    access_control:
        - { path: ^/contao/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/contao, roles: ROLE_USER }

However, I don't know what regex to use? Something like ^/contao/?$?

[aschempp]

It would rather be something like ^/contao(/|$)

[aschempp]

Not sure about the query string, but that's probably not in path?

[dmolineus]

So known limitation would still be that there still can't be a folder url starting with /contao, right? Maybe this should be checked when saving an alias.

[Toflar]

I agree with @dmolineus I don't think it's generally a good idea to support anything starting with contao in an alias because we might kill it in future...let's say you have a page about Contao's OAuth mechanism (saying that it doesn't exist yet 😄 ) on /contao/oauth and we introduce it in the future and suddenly /contao/oauth becomes a route with a special meaning. Imho aliases starting with contao and _ (for internal routes) should be disallowed.

[m-knorr]

But it’s not so usable in case of SEO, I think a lot are using these aliases for special SEO Landing Pages concerning their Contao benefits.

Maybe it’s worth considering to replace the contao with a „/backend“ or „/admin“?!

Am 09.08.2018 um 09:45 schrieb Yanick Witschi <notifications@github.com mailto:notifications@github.com>:

I agree with @dmolineus https://github.com/dmolineus I don't think it's generally a good idea to support anything starting with contao in an alias because we might kill it in future...let's say you have a page about Contao's OAuth mechanism (saying that it doesn't exist yet 😄 ) on /contao/oauth and we introduce it in the future and suddenly /contao/oauth becomes a route with a special meaning. Imho aliases starting with contao and _ (for internal routes) should be disallowed.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/contao/core-bundle/issues/1646#issuecomment-411668430, or mute the thread https://github.com/notifications/unsubscribe-auth/AMvlMyu4In4aapvsow6z0MQ15AqCX4akks5uO-izgaJpZM4Vml_C.

[Toflar]

Replacing /contao by /admin would solve zero of the problems because then "SEO people" could not optimize for "admin" anymore. Or whatever they do all day long...

[contaoacademy]

What happens to existing pages with aliases starting with contao*? I would prefer only path restriction.

[aschempp]

Maybe we should just secure our controllers and drop access_control? https://symfony.com/doc/master/bundles/SensioFrameworkExtraBundle/annotations/security.html

[leofeyer]

Folder aliases starting with contao/ will not work anyway, because they are treated as back end routes. However, we have to support aliases such as contao-partner.html.

Maybe we should just secure our controllers and drop access_control?

Then every third-party back end controller, which is not secured, would be publicly visible. Not too good an idea. 😄

[contaoacademy]

Folder aliases are no problem for me. But I also use many aliases starting with contao-

contao-blog contao-kurse …

[leofeyer]

Fixed in contao/manager-bundle@d6518c7550c77f1b0180c8c1c3a44737fc985abc.