regression fix for session/logout

Signed-off-by: Andy Miller <rhuk@mac.com>
2025-12-16 05:20:31 +01:00 · 2025-11-14 15:40:09 +00:00
parent dfc1875129
commit 0a7f9c0e4e
3 changed files with 33 additions and 0 deletions
--- a/classes/plugin/AdminBaseController.php
+++ b/classes/plugin/AdminBaseController.php
@@ -96,6 +96,8 @@ class AdminBaseController

        // Make sure that user is logged into admin.
        if (!$this->admin->authorize()) {
+            $this->respondUnauthorizedIfAjax();
+
            return false;
        }

@@ -236,6 +238,31 @@ class AdminBaseController
        $this->close($response);
    }

+    /**
+     * Return a JSON 401 response when an unauthenticated request was clearly triggered via AJAX.
+     *
+     * @return void
+     */
+    protected function respondUnauthorizedIfAjax(): void
+    {
+        $uri = $this->grav['uri'] ?? null;
+        $extension = $uri ? $uri->extension() : null;
+        $accept = $_SERVER['HTTP_ACCEPT'] ?? '';
+        $requestedWith = $_SERVER['HTTP_X_REQUESTED_WITH'] ?? '';
+
+        $acceptsJson = is_string($accept) && (stripos($accept, 'application/json') !== false || stripos($accept, 'text/json') !== false);
+        $isAjax = ($extension === 'json') || $acceptsJson || (is_string($requestedWith) && strtolower($requestedWith) === 'xmlhttprequest');
+
+        if (!$isAjax) {
+            return;
+        }
+
+        $this->sendJsonResponse([
+            'status' => 'unauthenticated',
+            'message' => Admin::translate('PLUGIN_ADMIN.SESSION_EXPIRED_DESC')
+        ], 401);
+    }
+
    /**
     * @param ResponseInterface $response
     * @return never-return
--- a/themes/grav/app/utils/keepalive.js
+++ b/themes/grav/app/utils/keepalive.js
@@ -26,6 +26,9 @@ class KeepAlive {

        return fetch(`${config.base_url_relative}/task${config.param_sep}keepAlive`, {
            credentials: 'same-origin',
+            headers: {
+                'Accept': 'application/json'
+            },
            method: 'post',
            body: data
        })
--- a/themes/grav/js/admin.min.js
+++ b/themes/grav/js/admin.min.js
@@ -1064,6 +1064,9 @@ var KeepAlive = /*#__PURE__*/function () {
      data.append('admin-nonce', external_GravAdmin_namespaceObject.config.admin_nonce);
      return fetch("".concat(external_GravAdmin_namespaceObject.config.base_url_relative, "/task").concat(external_GravAdmin_namespaceObject.config.param_sep, "keepAlive"), {
        credentials: 'same-origin',
+        headers: {
+          'Accept': 'application/json'
+        },
        method: 'post',
        body: data
      }).then(function (response) {