Merge branch 'next-36872/auto-imported-from-github' into 'trunk'

NEXT-36872 - Add fragment path snippet to url whitelist See merge request shopware/6/product/platform!14103
Lets-Talk-NL · Jul 15, 2024 · 8ad1fef · 8ad1fef
2 parents b45d497 + b9c5496
commit 8ad1fef
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 2 deletions.
diff --git a/...sed/2024-06-10-add-path-required-to-run-profiler-to-storefront-url-whitelist.md b/...sed/2024-06-10-add-path-required-to-run-profiler-to-storefront-url-whitelist.md
@@ -0,0 +1,10 @@
+---
+title: Add path required to run profiler to storefront url whitelist
+issue: NEXT-36872
+author: Benedikt Brunner
+author_email: benedikt.brunner@pickware.de
+author_github: Benedikt-Brunner
+---
+___
+# Storefront
+*  Added the `/_fragment` url-snippet to the allow list of the `RequestTransformer`
diff --git a/src/Storefront/Framework/Routing/RequestTransformer.php b/src/Storefront/Framework/Routing/RequestTransformer.php
@@ -75,12 +75,13 @@ class RequestTransformer implements RequestTransformerInterface
     /**
      * @var array<string>
      */
-    private array $whitelist = [
+    private array $allowedList = [
         '/_wdt/',
         '/_profiler/',
         '/_error/',
         '/payment/finalize-transaction',
         '/installer',
+        '/_fragment/',
     ];
 
     /**
@@ -243,7 +244,7 @@ private function isSalesChannelRequired(string $pathInfo): bool
             }
         }
 
-        foreach ($this->whitelist as $prefix) {
+        foreach ($this->allowedList as $prefix) {
             if (str_starts_with($pathInfo, $prefix)) {
                 return false;
             }

diff --git a/tests/unit/Storefront/Framework/Routing/RequestTransformerTest.php b/tests/unit/Storefront/Framework/Routing/RequestTransformerTest.php
@@ -89,5 +89,36 @@ public static function notRequiredSalesChannelProvider(): iterable
             'registeredApiPrefixes' => ['api'],
             'requestUri' => 'http://shopware.com//api//',
         ];
+
+        // Allowedlist paths:
+        yield '_wdt case' => [
+            'registeredApiPrefixes' => ['api'],
+            'requestUri' => 'http://shopware.com/_wdt/',
+        ];
+
+        yield '_profiler case' => [
+            'registeredApiPrefixes' => ['api'],
+            'requestUri' => 'http://shopware.com/_profiler/',
+        ];
+
+        yield '_error case' => [
+            'registeredApiPrefixes' => ['api'],
+            'requestUri' => 'http://shopware.com/_error/',
+        ];
+
+        yield 'payment finalize-transaction case' => [
+            'registeredApiPrefixes' => ['api'],
+            'requestUri' => 'http://shopware.com/payment/finalize-transaction/',
+        ];
+
+        yield 'installer case' => [
+            'registeredApiPrefixes' => ['api'],
+            'requestUri' => 'http://shopware.com/installer',
+        ];
+
+        yield '_fragment case' => [
+            'registeredApiPrefixes' => ['api'],
+            'requestUri' => 'http://shopware.com/_fragment/',
+        ];
     }
 }