From 59a391e5e9697c044bd7d12c153867ed4ed47dbf Mon Sep 17 00:00:00 2001
From: benedikt brunner <122370755+Benedikt-Brunner@users.noreply.github.com>
Date: Mon, 10 Jun 2024 07:06:49 +0000
Subject: [PATCH 1/2] NEXT-36872 - Add fragment path snippet to url whitelist fixes #3759
---
 ...ired-to-run-profiler-to-storefront-url-whitelist.md | 10 ++++++++++
 .../Framework/Routing/RequestTransformer.php | 1 +
 2 files changed, 11 insertions(+)
 create mode 100644 changelog/_unreleased/2024-06-10-add-path-required-to-run-profiler-to-storefront-url-whitelist.md
diff --git a/changelog/_unreleased/2024-06-10-add-path-required-to-run-profiler-to-storefront-url-whitelist.md b/changelog/_unreleased/2024-06-10-add-path-required-to-run-profiler-to-storefront-url-whitelist.md
new file mode 100644
index 00000000000..9a37b2fa9b0
--- /dev/null
+++ b/changelog/_unreleased/2024-06-10-add-path-required-to-run-profiler-to-storefront-url-whitelist.md
@@ -0,0 +1,10 @@
+---
+title: Add path required to run profiler to storefront url whitelist
+issue: NEXT-00000
+author: Benedikt Brunner
+author_email: benedikt.brunner@pickware.de
+author_github: Benedikt-Brunner
+---
+___
+# Storefront
+* Added the `/_fragment` url-snippet to the allow list of the `RequestTransformer`
diff --git a/src/Storefront/Framework/Routing/RequestTransformer.php b/src/Storefront/Framework/Routing/RequestTransformer.php
index b2c057d1776..4b2d0a9434f 100644
--- a/src/Storefront/Framework/Routing/RequestTransformer.php
+++ b/src/Storefront/Framework/Routing/RequestTransformer.php
@@ -81,6 +81,7 @@ class RequestTransformer implements RequestTransformerInterface
 '/_error/',
 '/payment/finalize-transaction',
 '/installer',
+ '/_fragment/',
 ];
 /**
From b9c549619d0772d779f28e0fa426f2539ff8f4e5 Mon Sep 17 00:00:00 2001
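Review bot: The added entry `'/_fragment/'` carries a trailing slash, while the changelog names `/_fragment` and the matching in `isSalesChannelRequired` (visible in the second patch) is `str_starts_with($pathInfo, $prefix)`, so a request whose path is exactly `/_fragment` would not be exempted. If the fragment path is Symfony's default (the framework configuration is not visible here), that exact path is the form fragment URLs take, and the `_fragment case` test in the second patch only exercises `http://shopware.com/_fragment/`; `'/_fragment',` would cover both forms, at the cost of also matching any longer path that begins with those characters. The list is not limited to debug mode in the lines shown, yet the fragment route normally exists in production and relies on its signed URI rather than on sales-channel resolution, so a comment such as `// Symfony fragment route, used by the profiler; access depends on the URI signature, keep APP_SECRET private` would tell maintainers what the exemption rests on. The property declaration starts above this hunk.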
From: ssltg
Date: Tue, 25 Jun 2024 12:41:46 +0200
Subject: [PATCH 2/2] NEXT-36872 - changed naming in RequestTransformer and added tests
---
 ...un-profiler-to-storefront-url-whitelist.md | 2 +-
 .../Framework/Routing/RequestTransformer.php | 4 +--
 .../Routing/RequestTransformerTest.php | 31 +++++++++++++++++++
 3 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/changelog/_unreleased/2024-06-10-add-path-required-to-run-profiler-to-storefront-url-whitelist.md b/changelog/_unreleased/2024-06-10-add-path-required-to-run-profiler-to-storefront-url-whitelist.md
index 9a37b2fa9b0..80ea0f33ff0 100644
--- a/changelog/_unreleased/2024-06-10-add-path-required-to-run-profiler-to-storefront-url-whitelist.md
+++ b/changelog/_unreleased/2024-06-10-add-path-required-to-run-profiler-to-storefront-url-whitelist.md
@@ -1,6 +1,6 @@
 ---
 title: Add path required to run profiler to storefront url whitelist
-issue: NEXT-00000
+issue: NEXT-36872
 author: Benedikt Brunner
 author_email: benedikt.brunner@pickware.de
 author_github: Benedikt-Brunner
diff --git a/src/Storefront/Framework/Routing/RequestTransformer.php b/src/Storefront/Framework/Routing/RequestTransformer.php
index 4b2d0a9434f..7395858eb69 100644
--- a/src/Storefront/Framework/Routing/RequestTransformer.php
+++ b/src/Storefront/Framework/Routing/RequestTransformer.php
@@ -75,7 +75,7 @@ class RequestTransformer implements RequestTransformerInterface
 /**
 * @var array
 */
- private array $whitelist = [
+ private array $allowedList = [
 '/_wdt/',
 '/_profiler/',
 '/_error/',
@@ -244,7 +244,7 @@ private function isSalesChannelRequired(string $pathInfo): bool
 }
 }
- foreach ($this->whitelist as $prefix) {
+ foreach ($this->allowedList as $prefix) {
 if (str_starts_with($pathInfo, $prefix)) {
 return false;
 }
diff --git a/tests/unit/Storefront/Framework/Routing/RequestTransformerTest.php b/tests/unit/Storefront/Framework/Routing/RequestTransformerTest.php
index f55de830cc7..d46a00b5ecd 100644
--- a/tests/unit/Storefront/Framework/Routing/RequestTransformerTest.php
+++ b/tests/unit/Storefront/Framework/Routing/RequestTransformerTest.php
@@ -89,5 +89,36 @@ public static function notRequiredSalesChannelProvider(): iterable
 'registeredApiPrefixes' => ['api'],
 'requestUri' => 'http://shopware.com//api//',
 ];
+
+ // Allowedlist paths:
+ yield '_wdt case' => [
+ 'registeredApiPrefixes' => ['api'],
+ 'requestUri' => 'http://shopware.com/_wdt/',
+ ];
+
+ yield '_profiler case' => [
+ 'registeredApiPrefixes' => ['api'],
+ 'requestUri' => 'http://shopware.com/_profiler/',
+ ];
+
+ yield '_error case' => [
+ 'registeredApiPrefixes' => ['api'],
+ 'requestUri' => 'http://shopware.com/_error/',
+ ];
+
+ yield 'payment finalize-transaction case' => [
+ 'registeredApiPrefixes' => ['api'],
+ 'requestUri' => 'http://shopware.com/payment/finalize-transaction/',
+ ];
+
+ yield 'installer case' => [
+ 'registeredApiPrefixes' => ['api'],
+ 'requestUri' => 'http://shopware.com/installer',
+ ];
+
+ yield '_fragment case' => [
+ 'registeredApiPrefixes' => ['api'],
+ 'requestUri' => 'http://shopware.com/_fragment/',
+ ];
 }
 }
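Review bot: The cases added to `notRequiredSalesChannelProvider` check each allow-list entry in one exact spelling only, so the test does not show that matching is by prefix: `/installer` is listed without a trailing slash and would, as far as the `str_starts_with` loop in `RequestTransformer` shows, also exempt any longer path that starts with it. A short comment above the block, e.g. `// Allow-list paths are matched by prefix (str_starts_with), not exactly`, would make that visible. A look-alike path would be worth pinning in the provider for requests that do require a sales channel, which is outside this hunk. The provider method starts above the hunk.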