Opened 3 years ago

Closed 3 years ago

#37828 closed defect (bug) (fixed)

Images linked to Media File on click result in 405 POST requests in customizer

Reported by: timph
Owned by: westonruter
Milestone: 4.7
Priority: normal
Severity: normal
Version: 3.4
Component: Customize
Keywords: has-patch commit
Focuses: javascript
Cc:

Description

If I set an image to link to media file, when I click on it in the customizer it results in a 405 POST request, and subsequent requests all 405, preventing live changes until I re-enter the customizer.

POST: http://local.wordpress.dev/wp-content/uploads/2016/08/4-FotoliaComp_80908258_3MMPNGDGTFvm0G5emtoRa6gOYbGPgvDZ-360x253-1.jpg 405 (Not Allowed)

Steps to replicate (I was using Twenty Sixteen, but the issue is not theme-specific):

  1. Insert image on home page and set it to link to media file. Save & publish.
  2. Open customizer, click on the image. You will get the 405 in console then.
  3. Go to "Header Image" and add a new header image. The header image will not update in the previewer, and you will have another 405 in console.

Attachments (1)

37828.0.diff (950 bytes) - added by westonruter 3 years ago.


Change History (5)

@westonruter
3 years ago

#1 @westonruter
3 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 4.7
  • Version changed from 4.6 to 3.4

@timph thanks for the report. You're quite right. The reason for the 405 (Method Not Allowed) error is that the current customizer uses an HTTP POST request to pass the customizer state into whatever URL is being navigated to. Normally links are to pages served by PHP which accepts POST requests and so it works as expected. But static files don't accept POST requests, and so this is why you see an error.

The fix is simple. We just need to prevent the customizer from attempting to follow links to wp-content since everything under there should be static files (linking directly to PHP files in plugins is an anti-pattern). So a solution here is 37828.0.diff. Give it a spin.

Note also that the transactions proposal (#30937) would change the way the preview frame works to instead use GET requests that include a UUID to indicate the customizer state that would have been previously written to WP. This would allow for natural URLs (#30028) to be used for the iframe window, as opposed to doing the current dance of doing an Ajax POST request followed by a document.write() to an about:blank iframe.
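
The rule described in comment #1 (do not let the preview follow links that point under wp-content, because static files reject the POST), as an added JavaScript example. It is not the contents of 37828.0.diff or WordPress core code; `isPreviewableLink`, `siteUrl`, `contentUrl` and the sample links are hypothetical, and the same-origin and scheme checks are assumptions of this example.

```javascript
'use strict';
// Added example, not the code from 37828.0.diff. All names are hypothetical.

/**
 * Decide whether a clicked link may be loaded into the customizer preview.
 * siteUrl stands in for the site's home URL, contentUrl for its wp-content URL.
 */
function isPreviewableLink(href, siteUrl, contentUrl) {
  let site, content, target;
  try {
    site = new URL(siteUrl);
    content = new URL(contentUrl, site);
    target = new URL(href, site); // resolves relative links and ../ segments
  } catch (e) {
    return false; // unparseable href: never send a preview request for it
  }
  // Assumption: only http(s) links on the site's own origin are previewed.
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return false;
  if (target.origin !== site.origin) return false;

  // Compare on a path-segment boundary so /wp-content-archive/ is not caught.
  const contentPath = content.pathname.endsWith('/')
    ? content.pathname
    : content.pathname + '/';
  const isStatic = target.origin === content.origin &&
    (target.pathname + '/').startsWith(contentPath);
  return !isStatic; // static assets answer the preview POST with 405
}

// Constructed sample links, evaluated against the host named in the report.
const SITE = 'http://local.wordpress.dev/';
const CONTENT = 'http://local.wordpress.dev/wp-content';
function classify(links) {
  return links.map((href) => [href, isPreviewableLink(href, SITE, CONTENT)]);
}

for (const [href, ok] of classify([
  '/2016/08/hello-world/',
  '/wp-content/uploads/2016/08/example.jpg',
  '/blog/../wp-content/uploads/2016/08/example.jpg',
  '/wp-content-archive/',
  'https://example.org/',
])) {
  console.log((ok ? 'preview ' : 'skip    ') + href);
}
```
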

#2 @timph
3 years ago

@westonruter Thanks! I just applied the patch and did some testing in various scenarios. Everything is working fine, and I'm looking forward to seeing transactions make it into core soon.

#3 @westonruter
3 years ago

  • Keywords commit added
  • Owner set to westonruter
  • Status changed from new to accepted

Thanks a lot for testing!

#4 @westonruter
3 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 38396:

Customize: Circumvent the customizer attempting to preview links to static assets (such as uploaded images).

The customizer's preview POST requests to static assets result in 405 Method Not Allowed responses.

Fixes #37828.
