search

serlo / serlo.org-legacy

Legacy implementation of https://serlo.org/
https://serlo.org/
Apache License 2.0
18 stars 3 forks source link

Fix error when entity children are ordered #621

Closed kulla closed 3 years ago

kulla commented 3 years ago

This fixes an error when the children of an entity are ordered in the local environment since the new site cannot be rendered.

Description of current error

When the order of course pages are changed by the following tool

2021-04-27-161503_939x429_scrot

there is an error displayed clicking the "save" button:

2021-04-27-164514_1246x463_scrot

The reason of the error

Currently after changing the order with the POST request there is a redirect to the new course page https://github.com/serlo/serlo.org/blob/7e75da6d79ba04f1d592dec6e73ae3d4c1d52d82/packages/public/server/src/module/Entity/src/Controller/LinkController.php#L50-L83 However the new course page cannot be displayed since the following error occurs 2021-04-27-165152_947x500_scrot

The fix is to not redirect to the new course but to return a success immediately.

kulla commented 3 years ago

@inyono This bug only occurs in the local environment. Do you have an idea why?

kulla commented 3 years ago

Okay, what I found. Accessing a course with the header `X-Requested-With: XMLHttpRequest' seems to cause the error:

▶ curl -I 'http://de.serlo.localhost:4567/132420' -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'X-Requested-With: XMLHttpRequest' -H 'Referer: http://de.serlo.localhost:4567/entity/link/order/132416/link' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: PHPSESSID=hpb5v8jiu45uu18mek6u0p82p2; CSRF=64404a3bd7516bf637d79448331259bd; authenticated=1'
HTTP/1.1 500 Internal Server Error
Date: Tue, 27 Apr 2021 16:53:00 GMT
Server: Apache/2.4.43 (Unix)
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8

Same request without -H 'X-Requested-With: XMLHttpRequest':

▶ curl -I 'http://de.serlo.localhost:4567/132420' -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' --compressed  -H 'Referer: http://de.serlo.localhost:4567/entity/link/order/132416/link' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: PHPSESSID=hpb5v8jiu45uu18mek6u0p82p2; CSRF=64404a3bd7516bf637d79448331259bd; authenticated=1'                        
HTTP/1.1 200 OK                                                                  
Date: Tue, 27 Apr 2021 16:53:17 GMT                                              
Server: Apache/2.4.43 (Unix)                                                     
X-Powered-By: PHP/7.0.33                                                         
Expires: Thu, 19 Nov 1981 08:52:00 GMT                                           
Cache-Control: no-store, no-cache, must-revalidate                               
Pragma: no-cache                                                                 
Keep-Alive: timeout=5, max=100                                                   
Connection: Keep-Alive                                                           
Content-Type: text/html; charset=UTF-8

My guess: X-Requested-With: XMLHttpRequest is removed in production somehow.

kulla commented 3 years ago

@inyono I think the implementation of this PR is better and should work in production as well. Here, the code in the client so you can check this https://github.com/serlo/serlo.org/blob/7e75da6d79ba04f1d592dec6e73ae3d4c1d52d82/packages/public/client/src/main/modules/sortable_list.js#L172-L196