* Only validate segment values for cultures they are defined for.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Integration test suppressions.
* Remove previous implementation using ISegmentService and rely on values provided in the model to determine segments with cultures.
* Omit null culture and remove passing but unrealistic tests.
* Fixed nullability error.
* Apply suggestions from code review
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
* Relocated function following code review.
* Reset unchanged files.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
* Return not found when request for content references when entity does not exist.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Move check for entity existence from controller to the service.
* Update OpenApi.json.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Addressed points raised in code review.
* Update OpenApi.json
* Resolved breaking changes.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Applies checks for root folders to static file tree service.
* Add integration tests.
* Fix ancestor test.
* Amends from code review.
* Integration test compatibility suppressions.
* Reverted breaking change in test base class.
* Fix preview showing published version when Save and Preview is clicked multiple times
Fixes#20981
When clicking "Save and Preview" multiple times, the preview tab would show the published version instead of the latest saved version. This occurred because:
1. Each "Save and Preview" creates a new preview session with a new token
2. The preview window is reused (via named window target)
3. Without a URL change, the browser doesn't reload and misses the new session token
4. The stale page gets redirected to the published URL
Solution: Add a cache-busting parameter (?rnd=timestamp) to the preview URL, forcing the browser to reload and pick up the new preview session token. This aligns with how SignalR refreshes work.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Improve Save and Preview to avoid full page reloads when preview is already open
When clicking "Save and Preview" multiple times with a preview tab already open, the entire preview tab would reload. This enhancement makes it behave like the "Save" button - only the iframe reloads, not the entire preview wrapper.
Changes:
- Store reference to preview window when opened
- Check if preview window is still open before creating new session
- If open, just focus it and let SignalR handle the iframe refresh
- If closed, create new preview session and open new window
This provides a smoother UX where subsequent saves don't cause the preview frame and controls to reload, only the content iframe refreshes via SignalR.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Close preview window when ending preview session
Changes the "End Preview" behavior to close the preview tab instead of navigating to the published URL. This provides a cleaner UX and ensures subsequent "Save and Preview" actions will always create a fresh preview session.
Benefits:
- Eliminates edge case where preview window remains open but is no longer in preview mode
- Simpler behavior - preview session ends and window closes
- Users can use "Preview website" button if they want to view published page
Also removes unnecessary await on SignalR connection.stop() to prevent blocking if the connection cleanup hangs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix preview cookie expiration and add proper error handling
This commit addresses cookie management issues in the preview system:
1. **Cookie Expiration API Enhancement**
- Added `ExpireCookie` overload with security parameters (httpOnly, secure, sameSiteMode)
- Added `SetCookieValue` overload with optional expires parameter
- Marked old methods as obsolete for removal in Umbraco 19
- Ensures cookies are expired with matching security attributes
2. **PreviewService Cookie Handling**
- Changed to use new `ExpireCookie` method with explicit security attributes
- Maintains `Secure=true` and `SameSite=None` for cross-site scenarios
- Uses new `SetCookieValue` overload with explicit expires parameter
- Properly expires preview cookies when ending preview session
3. **Frontend Error Handling**
- Added try-catch around preview window reference checks
- Handles stale window references gracefully
- Prevents potential errors from accessing closed window properties
These changes ensure preview cookies are properly managed throughout their
lifecycle and support both same-site and cross-site scenarios (e.g., when
the backoffice is on a different domain/port during development).
Fixes#20981🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Track document ID for preview window to prevent reusing window across different documents
When navigating from one document to another in the backoffice, the preview window reference was being reused even though it was showing a different document. This meant clicking "Save and Preview" would just focus the existing window without updating it to show the new document.
Now we track which document the preview window is showing and only reuse the window if:
1. The window is still open
2. The window is showing the same document
This ensures each document gets its own preview session while still avoiding unnecessary full page reloads when repeatedly previewing the same document.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Remove updates to ICookieManager and use Cookies.Delete to remove cookie.
* Fix file not found on click to save and preview.
* Removed further currently unnecessary updates to the cookie manager interface and implementation.
* Fixed failing unit test.
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Adding the sorter controller, and fixing some ui elements so you are able to drag the hostname elements around to sort them
* Fixed sorting
* Changed the html structure and tweaked around with the css to make it look better.
Added a description for the Culture section.
Alligned the rendered text to allign better with the name "Culture and Hostnames"
* Update src/Umbraco.Web.UI.Client/src/packages/documents/documents/entity-actions/culture-and-hostnames/modal/culture-and-hostnames-modal.element.ts
Forgot to remove this after I was done testing
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/Umbraco.Web.UI.Client/src/packages/documents/documents/entity-actions/culture-and-hostnames/modal/culture-and-hostnames-modal.element.ts
Changing grid-gap to just gap
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Removed the disabled and readonly props I added since they are not needed.
Removed the conditional rendering that was attached to the readonly and disabled properties
* Removed the item id from the element and changed css and sorter logic to target the hostname-item class instead
* Updated test
* Bumped helpers
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Niels Lyngsø <nsl@umbraco.dk>
Co-authored-by: Andreas Zerbst <73799582+andr317c@users.noreply.github.com>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
* Added tests for notification emails for content
* Bumped version
* Updated tests for notification permission in content
* Added appsettings.json for smtp tests
* Added smtp test project
* Updated nightly E2E test pipeline yaml file to run smtp project in the pipeline
* Fixed command to run smtp4dev in Docker
* Fixed pipeline
* Only run smtp tests on Linux
* Debugged
* Debugging
* Added step to stop smtp4dev container
* Debugging
* Updated port
* Reverted tests
* Added more tests for notification emails
* Formatted code
* Update Swashbuckle to v10
* Regenerate backoffice api client
* Add missing space for consistency
* Simplify nullability check
* Small improvement
Didn't notice that these classes were internal, so tried keeping compatibility, but it wasn't needed.
* Fix failing integration test
* Apply suggestions from code review
Co-authored-by: Andy Butland <abutland73@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Remove unnecessary comma
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Updated block list tests as the “Add Block” button is hidden after reaching the maximum limit.
* Updated validation option due to UI changes
* Updated tests for current user profile as waitForNetworkToBeIdle() is removed
* Fixed flaky tests
* Bumped version
* Updated tests for current user profile
* Bumped version
* Preserve existing Examine FieldDefinitionCollection if it already exists (#20267)
* Fix missing bracket
* Minor tidy/addition of comments; addition of unit tests.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
(cherry picked from commit 908974c6ac)
* Preserve existing Examine FieldDefinitionCollection if it already exists (#20267)
* Fix missing bracket
* Minor tidy/addition of comments; addition of unit tests.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Add MemberType/MemberTypeContainer to supported EntityContainer object types
* Implement MemberTypeContainerRepository
* Update and add member type container API endpoints
* Complete server and client-side implementation for member type container support.
* Fix FE linting errors.
* Export folder constants.
* Applied suggestions from code review.
* Updated management API authorization tests for member types.
* Resolved breaking change on copy member type controller.
* Allow content types to be moved to own folder without error.
* Use flag providers for member type siblings endpoint.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Ensure redirects with domains are stored with the domain node id prefix.
* Handle removal of self-referencing redirect when domains are used.
* Use entity path to save further queries for retrieving ancestor IDs.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Applied refactoring suggested in code review.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Use empty folder under temp as localized text source folder in non umbraco core integration tests.
* Added clarifying comment to the GetLocalizedTextService override for tests
Handles rich text blocks created with TinyMCE in convert local links migration.
Refreshes internal datatype cache following migration requiring cache rebuild.
# Conflicts:
# src/Umbraco.Infrastructure/Migrations/MigrationPlanExecutor.cs
Handles rich text blocks created with TinyMCE in convert local links migration.
Refreshes internal datatype cache following migration requiring cache rebuild.
Handles rich text blocks created with TinyMCE in convert local links migration.
Refreshes internal datatype cache following migration requiring cache rebuild.
* Removed skips for tests whose related issues have been fixed.
* Remove skip tags and update tests for content with list view
* Removed skip tags
* Added comment and change to fixme for tests that need to implement later
* Removed skip tag
* Bumped version
* configure max chars for textbox
* min 1
* Adds server-side check for text box min and max character validation.
* Applied suggestion from code review.
* Bumped version of test helper
* Fixed test that was creating a text string data type with too large a maximum characters setting.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
Co-authored-by: Nhu Dinh <hnd@umbraco.dk>
* Adding fix for self-referncing redirects for 17
* Using umbraco context on failing tests
* Tests to see if self referencing redirects gets deleted
* Refactoring and adding correct tests.
* Expanding tests for RedirectTrackerTests.cs
* Optimize by only retrieving th list of existing URLs for a content item if we have a valid route to create a redirect for.
* Extract method refactoring, added explanatory comment, fixed warnings and formatting.
* Resolved warnings in RedirectService.
* Minor naming and formatting refactor in tests.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Move access/refresh tokens to secure cookies (#20779)
* feat: adds the `credentials: include` header to all manual requests
* feat: adds `credentials: include` as a configurable option to xhr requests (and sets it by default to true)
* feat: configures the auto-generated fetch client from hey-api to include credentials by default
* Add OpenIddict handler to hide tokens from the back-office client
* Make back-office token redaction optional (default false)
* Clear back-office token cookies on logout
* Add configuration for backoffice cookie settings
* Make cookies forcefully secure + move cookie handler enabling to the BackOfficeTokenCookieSettings
* Use the "__Host-" prefix for cookie names
* docs: adds documentation on cookie settings
* build: sets up launch profile for vscode with new cookie recommended settings
* docs: adds extra note around SameSite settings
* docs: adds extra note around SameSite settings
* Respect sites that do not use HTTPS
* Explicitly invalidate potentially valid, old refresh tokens that should no longer be used
* Removed obsolete const
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Remove configuration option
* Invalidate all existing access tokens on upgrade
* docs: updates recommended settings for development
* build: removes non-existing variable
* Skip flaky test
* Bumped version of our test helpers to fix failing tests
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
* Exclude the relate parent on delete relation type from checks for related documents and media on delete, when disable delete with references is enabled.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Applied suggestions from code review.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* sql column type map include dateonly and timeonly
* Split Mapper and add check null value
* Minor code tidy resolving a few warnings.
* add spaces
* clean code
---------
Co-authored-by: Lan Nguyen Thuy <lnt@umbraco.dk>
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Added integration tests for PropertyTypeUsageService and adjusted assert in management API permissions test.
* Commented or fixed management API integration tests verifying permissions where we were asserting on an error response.
* Added skip tag for the failing tests due to the issues and added waits for the flaky tests
* Commentted code as the reference items displays randomly
* Bumped version
* Added more waits to avoid the flaky tests
* Updated tests for setting culture and hostnames since the first content already has the default domain
* Fixed flaky tests
* Updated tests since the reload step is flaky
* Added more waits for the flaky tests in Windows
* Need to publish first document before set domain for second document
* Make permission tests run in the pipeline
* Added step to ensure the rollback action is completed
* Reverted npm command
* Added skip tag for the permission tests
* Fixed test for the culture and hostname permission
* Removed waits as it is includes in test helper
* Fixed test for adding a media in RTE Tiptap property editor
* Updated test helper function to avoid the flaky tests releated to block
* Added more waits to ensure image uploaded
* Bumped version
* Bumped version
* Reverted
* Reverted code
* Bumped version of test helper
* Bumped version
* Reverted code
* Added more waits to avoid flaky tests
* Added more waits
* Updated nightly pipeline: remove v17/dev, run different app setting tests by default and not run Relation Type in Linux as they are too flaky
* Added more waits
* Added npm command for testWindows
* Added more waits after creating a folder
* Add MoveFile it IFileSystem and implement on file systems.
* Rename media file on move to recycle bin.
* Rename file on restore from recycle bin.
* Add configuration to enabled recycle bin media protection.
* Expose backoffice authentication as cookie for non-backoffice usage.
Protected requests for media in recycle bin.
* Display protected image when viewing image cropper in the backoffice media recycle bin.
* Code tidy and comments.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Introduced helper class to DRY up repeated code between image cropper and file upload notification handlers.
* Reverted client-side and management API updates.
* Moved update of path to media file in recycle bin with deleted suffix to the server.
* Separate integration tests for add and remove.
* Use interpolated strings.
* Renamed variable.
* Move EnableMediaRecycleBinProtection to ContentSettings.
* Tidied up comments.
* Added TODO for 18.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
