Fixes: U4-2952 Preview mode causes ysod - null reference

src/Umbraco.Web/UmbracoContext.cs

@@ -23,6 +23,8 @@ namespace Umbraco.Web
 
         private bool _replacing;
         private PreviewContent _previewContent;
+        //explicit flag during ctor 
+        private bool? _isPreviewing;
 
         /// <summary>
         /// Used if not running in a web application (no real HttpContext)
@@ -198,8 +200,8 @@ namespace Umbraco.Web
 
             ContentCache = publishedCaches.CreateContextualContentCache(this);
             MediaCache = publishedCaches.CreateContextualMediaCache(this);
-            InPreviewMode = preview ?? DetectInPreviewModeFromRequest();
-
+            _isPreviewing = preview;
+            
             // set the urls...
             //original request url
             //NOTE: The request will not be available during app startup so we can only set this to an absolute URL of localhost, this
@@ -399,7 +401,10 @@ namespace Umbraco.Web
         /// <summary>
         /// Determines whether the current user is in a preview mode and browsing the site (ie. not in the admin UI)
         /// </summary>
-        public bool InPreviewMode { get; private set; }
+        public bool InPreviewMode 
+        {
+            get { return _isPreviewing ?? DetectInPreviewModeFromRequest(); }
+        }
 
         private bool DetectInPreviewModeFromRequest()
         {

src/Umbraco.Web/UmbracoModule.cs

@@ -168,9 +168,9 @@ namespace Umbraco.Web
             if (http.Request.Url.IsClientSideRequest())
                 return;
 
-            if (app.Request.Url.IsBackOfficeRequest() 
-                || app.Request.Url.IsInstallerRequest() 
-                || BaseRest.BaseRestHandler.IsBaseRestRequest(UmbracoContext.Current.OriginalRequestUrl))
+            var req = new HttpRequestWrapper(app.Request);
+
+            if (ShouldAuthenticateRequest(req, UmbracoContext.Current.OriginalRequestUrl))
             {
                 var ticket = http.GetUmbracoAuthTicket();
                 if (ticket != null && !ticket.Expired && http.RenewUmbracoAuthTicket())
@@ -220,6 +220,35 @@ namespace Umbraco.Web
 
 		#region Methods
 
+        /// <summary>
+        /// Determines if we should authenticate the request
+        /// </summary>
+        /// <param name="request"></param>
+        /// <param name="originalRequestUrl"></param>
+        /// <returns></returns>
+        /// <remarks>
+        /// We auth the request when:
+        /// * it is a back office request
+        /// * it is an installer request
+        /// * it is a /base request
+        /// * it is a preview request
+        /// </remarks>
+        internal static bool ShouldAuthenticateRequest(HttpRequestBase request, Uri originalRequestUrl)
+        {
+            if (//check back office
+                request.Url.IsBackOfficeRequest()
+                //check installer
+                || request.Url.IsInstallerRequest()
+                //detect in preview
+                || (request.HasPreviewCookie() && request.Url != null && request.Url.AbsolutePath.StartsWith(IOHelper.ResolveUrl(SystemDirectories.Umbraco)) == false)
+                //check for base
+                || BaseRest.BaseRestHandler.IsBaseRestRequest(originalRequestUrl))
+            {
+                return true;
+            }
+            return false;
+        }
+
 		/// <summary>
 		/// Checks the current request and ensures that it is routable based on the structure of the request and URI
 		/// </summary>