* Applies checks for root folders to static file tree service.
* Add integration tests.
* Fix ancestor test.
* Amends from code review.
* Integration test compatibility suppressions.
* Reverted breaking change in test base class.
(cherry picked from commit 84c15ff4d7)
* Fix infinite recursion and incorrect error notifications in tree children loading
This commit addresses two critical issues in the tree item children manager:
1. **Infinite recursion vulnerability**: The #resetChildren() method called
loadChildren(), which could recursively call #resetChildren() again if
the underlying issue persisted, creating an infinite loop.
2. **Inappropriate error messages**: The "Menu loading failed" notification
was shown even in legitimate scenarios, such as when deleting the last
child of a node, where an empty tree is the expected outcome.
Changes made:
- Add ResetReason type ('error' | 'empty' | 'fallback') to differentiate
between error states and expected empty states
- Extract #loadChildrenWithOffsetPagination() as a terminal fallback method
that uses only offset pagination and never calls #resetChildren(),
structurally preventing recursion
- Update #resetChildren() to:
- Accept a reason parameter to determine whether to show error notification
- Reset all retry counters (#loadChildrenRetries, #loadPrevItemsRetries,
#loadNextItemsRetries) to ensure clean state
- Call #loadChildrenWithOffsetPagination() instead of loadChildren()
- Only show error notification when reason is 'error'
- Update all call sites of #resetChildren() with appropriate reasons:
- 'error' when retries are exhausted (actual failures)
- 'empty' or 'fallback' when no new target is found (may be expected,
e.g., after deleting items)
The fix makes infinite recursion structurally impossible by creating a
one-way flow: target-based loading can fall back to #resetChildren(),
which calls offset-only loading that never recurses back.
* Fix undefined items array causing tree to break after deletion
This fixes the root cause of issue #20977 where deleting a document type
would cause the tree to "forever load" with a JavaScript error.
The error occurred in #getTargetResultHasValidParents() which called .every()
on data without checking if it was undefined. When the API returned undefined
items (e.g., after deleting the last child), this caused:
TypeError: can't access property "every", e is undefined
The fix adds a guard to check if data is undefined before calling .every(),
returning false in that case to trigger the proper error handling flow.
* Address code review feedback on terminal fallback method
- Change error throwing to silent return for graceful failure handling
- Remove target pagination state updates from offset-only loading method
- Update JSDoc to clarify that method does not throw errors
* Add migration to fix umbracoPropertyData column casing.
* Improve migration with column existence check and logging
- Add ILogger to log when column is renamed
- Check if column exists with incorrect casing before renaming
- Use fluent Rename API instead of raw SQL
- Add XML remarks documentation
?? Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Clarify what old and new column name really is
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: kjac <kja@umbraco.dk>
# Conflicts:
# src/Umbraco.Infrastructure/Migrations/Upgrade/UmbracoPlan.cs
Use AddComponent for OpenAPI security scheme registration
Fixes security requirements being serialized as empty objects in the
OpenAPI document by using the document's AddComponent method instead
of directly manipulating the SecuritySchemes dictionary.
* Adds localization manifests for region-specific cultures
This is to support backwards-compatibility and v13 upgradability.
* Removed `uiCulture` from Vietnamese localizations
since it duplicated the English fallback texts.
* 'en' localization file formatting
* Update src/Umbraco.Web.UI.Client/src/assets/lang/en.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update Swashbuckle to v10
* Regenerate backoffice api client
* Add missing space for consistency
* Simplify nullability check
* Small improvement
Didn't notice that these classes were internal, so tried keeping compatibility, but it wasn't needed.
* Fix failing integration test
* Apply suggestions from code review
Co-authored-by: Andy Butland <abutland73@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Remove unnecessary comma
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Handles rich text blocks created with TinyMCE in convert local links migration.
Refreshes internal datatype cache following migration requiring cache rebuild.
* Redact back-office PKCE codes from the server
* Update src/Umbraco.Cms.Api.Common/DependencyInjection/HideBackOfficeTokensHandler.cs
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Removes npm commands from the MSBuild of the CSPROJ of the umbraco-extension dotnet new template
Was agreed by the community package team to remove this, as this DX can cause more issues than actually help users in our opinion
* Removed the unused value - good catch by Copilot
* Move access/refresh tokens to secure cookies (#20779)
* feat: adds the `credentials: include` header to all manual requests
* feat: adds `credentials: include` as a configurable option to xhr requests (and sets it by default to true)
* feat: configures the auto-generated fetch client from hey-api to include credentials by default
* Add OpenIddict handler to hide tokens from the back-office client
* Make back-office token redaction optional (default false)
* Clear back-office token cookies on logout
* Add configuration for backoffice cookie settings
* Make cookies forcefully secure + move cookie handler enabling to the BackOfficeTokenCookieSettings
* Use the "__Host-" prefix for cookie names
* docs: adds documentation on cookie settings
* build: sets up launch profile for vscode with new cookie recommended settings
* docs: adds extra note around SameSite settings
* docs: adds extra note around SameSite settings
* Respect sites that do not use HTTPS
* Explicitly invalidate potentially valid, old refresh tokens that should no longer be used
* Removed obsolete const
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Remove configuration option
* Invalidate all existing access tokens on upgrade
* docs: updates recommended settings for development
* build: removes non-existing variable
* Skip flaky test
* Bumped version of our test helpers to fix failing tests
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
Update icon usage in collection menu and example data
Replaces <uui-icon> with <umb-icon> in the default collection menu item element to support colors. Also updates example picker data source items to showcase color support.
* Add MemberType/MemberTypeContainer to supported EntityContainer object types
* Implement MemberTypeContainerRepository
* Prepare base controller for MemberTypeTreeControllerBase.
* Revert "Prepare base controller for MemberTypeTreeControllerBase."
This reverts commit ad213a23add5e511b1fba6580ca563156cd9c043.
* Added foldersOnly flag in readiness for support in 17.1.
* Added foldersOnly flag in readiness for support in 17.1 (2).
---------
Co-authored-by: Ronald Barendse <ronald@barend.se>
* Make the RTE treat an "empty" value as a non-value
* Additional tests
* Add tests for invariant and variant content.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
