From 65f7b61c1f55594607dfa152acec83a035d8aa5c Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Wed, 3 Dec 2025 14:10:09 +0000 Subject: [PATCH] Sessions: Ignored extra meta/dist content in history tracking For #5925 Added tests to cover. Extracted existing test to place with similiar sessions tests --- app/Http/Middleware/StartSessionExtended.php | 5 +- tests/SessionTest.php | 53 ++++++++++++++++++++ tests/Uploads/ImageTest.php | 23 --------- 3 files changed, 57 insertions(+), 24 deletions(-) create mode 100644 tests/SessionTest.php diff --git a/app/Http/Middleware/StartSessionExtended.php b/app/Http/Middleware/StartSessionExtended.php index 26cd250ac..8c5c7cf18 100644 --- a/app/Http/Middleware/StartSessionExtended.php +++ b/app/Http/Middleware/StartSessionExtended.php @@ -14,7 +14,10 @@ use Illuminate\Session\Middleware\StartSession as Middleware; class StartSessionExtended extends Middleware { protected static array $pathPrefixesExcludedFromHistory = [ - 'uploads/images/' + 'uploads/images/', + 'dist/', + 'manifest.json', + 'opensearch.xml', ]; /** diff --git a/tests/SessionTest.php b/tests/SessionTest.php new file mode 100644 index 000000000..3a1300722 --- /dev/null +++ b/tests/SessionTest.php @@ -0,0 +1,53 @@ +set('filesystems.images', 'local_secure'); + $this->asEditor(); + $page = $this->entities->page(); + $result = $this->files->uploadGalleryImageToPage($this, $page); + $expectedPath = storage_path($result['path']); + $this->assertFileExists($expectedPath); + + $this->get('/books'); + $this->assertEquals(url('/books'), session()->previousUrl()); + + $resp = $this->get($result['path']); + $resp->assertOk(); + $resp->assertHeader('Content-Type', 'image/png'); + + $this->assertEquals(url('/books'), session()->previousUrl()); + + if (file_exists($expectedPath)) { + unlink($expectedPath); + } + } + + public function test_pwa_manifest_is_not_tracked_in_session_history() + { + $this->asEditor()->get('/books'); + $this->get('/manifest.json'); + + $this->assertEquals(url('/books'), session()->previousUrl()); + } + + public function test_dist_dir_access_is_not_tracked_in_session_history() + { + $this->asEditor()->get('/books'); + $this->get('/dist/sub/hello.txt'); + + $this->assertEquals(url('/books'), session()->previousUrl()); + } + + public function test_opensearch_is_not_tracked_in_session_history() + { + $this->asEditor()->get('/books'); + $this->get('/opensearch.xml'); + + $this->assertEquals(url('/books'), session()->previousUrl()); + } +} diff --git a/tests/Uploads/ImageTest.php b/tests/Uploads/ImageTest.php index f36be8702..2aad158c9 100644 --- a/tests/Uploads/ImageTest.php +++ b/tests/Uploads/ImageTest.php @@ -429,29 +429,6 @@ class ImageTest extends TestCase } } - public function test_secure_images_not_tracked_in_session_history() - { - config()->set('filesystems.images', 'local_secure'); - $this->asEditor(); - $page = $this->entities->page(); - $result = $this->files->uploadGalleryImageToPage($this, $page); - $expectedPath = storage_path($result['path']); - $this->assertFileExists($expectedPath); - - $this->get('/books'); - $this->assertEquals(url('/books'), session()->previousUrl()); - - $resp = $this->get($result['path']); - $resp->assertOk(); - $resp->assertHeader('Content-Type', 'image/png'); - - $this->assertEquals(url('/books'), session()->previousUrl()); - - if (file_exists($expectedPath)) { - unlink($expectedPath); - } - } - public function test_system_images_remain_public_with_local_secure_restricted() { config()->set('filesystems.images', 'local_secure_restricted');