search

silverstripe / silverstripe-cms

Silverstripe CMS - this is a module for Silverstripe Framework rather than a standalone app. Use https://github.com/silverstripe/silverstripe-installer/ to set this up.
http://silverstripe.org/
BSD 3-Clause "New" or "Revised" License
516 stars 333 forks source link

Static error pages not generated if site access is restricted #1390

Open xini opened 8 years ago

xini commented 8 years ago

If access to a whole site is restricted to logged in users, the static versions of the error pages are not generated. ErrorPage::doPublish() and ErrorPage::requireDefaultRecords() rely on Director::test(Director::makeRelative($page->Link())) to get the page content, which gives the following response if the site is restricted:

SS_HTTPResponse Object
(
    [statusCode:protected] => 404
    [statusDescription:protected] => Not Found
    [headers:protected] => Array
        (
            [Content-Type] => text/html; charset=utf-8
            [Location] => /Security/login?BackURL=%2Ferrors%2Fpage-not-found%2F
        )

    [body:protected] => 
)

The body is empty and therefore the content can't be written into the file. (Why that status code is 404 instead of 401 is another issue.) I have tried to pass the current session to the Director::test() call, which works, but then unpublished content might be exposed in the static version. Any ideas how to solve this?

Comparing the two cases in ErrorPage::doPublish() and ErrorPage::requireDefaultRecords(), the doPublish version doesn't check if the content has actually been written (see the $written var in requireDefaultRecords()).

Following to this, if a site is restricted, shouldn't error pages generally be visible anyway?

Also, there is no feedback to the CMS user that the generation of the static files failed. Is that intentional?

tractorcow commented 8 years ago

Looks like a legit bug to me!

sb-relaxt-at commented 8 years ago

Just got the same issue when doing a dev/build. The error-xxx.html is written/created but without content, which results in a wrong error message ("error page could not be created at ... Please check permissions").

dhensby commented 8 years ago

We need a way to render pages without making fake requests :/

tractorcow commented 8 years ago

Unfortunately it's risky in that there are few ways that you can safely reset the global state for a single page render. I would put this as a dependency of a new state system.

baukezwaan commented 4 years ago

Still true for SS4 unfortunately...

But at least this page helped me fixing the (one time) generation of the static files while doing a dev/build...