Adds IContentCrudService registration to UmbracoBuilder alongside
IContentService. Both services are now resolvable from DI.
Includes integration test verifying successful resolution.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements IContentCrudService with full CRUD operations:
- Create: 6 overloads matching IContentService
- Read: GetById, GetByIds, GetRootContent, GetParent
- Save: Single and batch with notifications
- Delete: Cascade deletion with notifications
All methods maintain exact behavioral parity with ContentService.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Establishes shared infrastructure for content services:
- Common dependencies (DocumentRepository, AuditService, UserIdKeyResolver)
- Audit helper methods (sync and async)
- Inherits from RepositoryService for scope/query support
- Adds ContentServiceConstants for shared constants (batch page size)
Updated tracking test to look for correct assembly location.
Tracking test now fails (expected) - signals class exists for future work.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Only validate segment values for cultures they are defined for.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Integration test suppressions.
* Remove previous implementation using ISegmentService and rely on values provided in the model to determine segments with cultures.
* Omit null culture and remove passing but unrealistic tests.
* Fixed nullability error.
* Apply suggestions from code review
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
* Relocated function following code review.
* Reset unchanged files.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
* Return not found when request for content references when entity does not exist.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Move check for entity existence from controller to the service.
* Update OpenApi.json.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Addressed points raised in code review.
* Update OpenApi.json
* Resolved breaking changes.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix: deprecates the upgrade checker
* fix: removes any deprecated UI that no longer has a function for upgrade checks in the backoffice
* chore: generates new api types
* chore: deprecates types
* chore: returns direct task
* docs: explains deprecation
* chore: deprecated model
---------
Co-authored-by: leekelleher <leekelleher@gmail.com>
* Fix preview showing published version when Save and Preview is clicked multiple times
Fixes#20981
When clicking "Save and Preview" multiple times, the preview tab would show the published version instead of the latest saved version. This occurred because:
1. Each "Save and Preview" creates a new preview session with a new token
2. The preview window is reused (via named window target)
3. Without a URL change, the browser doesn't reload and misses the new session token
4. The stale page gets redirected to the published URL
Solution: Add a cache-busting parameter (?rnd=timestamp) to the preview URL, forcing the browser to reload and pick up the new preview session token. This aligns with how SignalR refreshes work.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Improve Save and Preview to avoid full page reloads when preview is already open
When clicking "Save and Preview" multiple times with a preview tab already open, the entire preview tab would reload. This enhancement makes it behave like the "Save" button - only the iframe reloads, not the entire preview wrapper.
Changes:
- Store reference to preview window when opened
- Check if preview window is still open before creating new session
- If open, just focus it and let SignalR handle the iframe refresh
- If closed, create new preview session and open new window
This provides a smoother UX where subsequent saves don't cause the preview frame and controls to reload, only the content iframe refreshes via SignalR.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Close preview window when ending preview session
Changes the "End Preview" behavior to close the preview tab instead of navigating to the published URL. This provides a cleaner UX and ensures subsequent "Save and Preview" actions will always create a fresh preview session.
Benefits:
- Eliminates edge case where preview window remains open but is no longer in preview mode
- Simpler behavior - preview session ends and window closes
- Users can use "Preview website" button if they want to view published page
Also removes unnecessary await on SignalR connection.stop() to prevent blocking if the connection cleanup hangs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix preview cookie expiration and add proper error handling
This commit addresses cookie management issues in the preview system:
1. **Cookie Expiration API Enhancement**
- Added `ExpireCookie` overload with security parameters (httpOnly, secure, sameSiteMode)
- Added `SetCookieValue` overload with optional expires parameter
- Marked old methods as obsolete for removal in Umbraco 19
- Ensures cookies are expired with matching security attributes
2. **PreviewService Cookie Handling**
- Changed to use new `ExpireCookie` method with explicit security attributes
- Maintains `Secure=true` and `SameSite=None` for cross-site scenarios
- Uses new `SetCookieValue` overload with explicit expires parameter
- Properly expires preview cookies when ending preview session
3. **Frontend Error Handling**
- Added try-catch around preview window reference checks
- Handles stale window references gracefully
- Prevents potential errors from accessing closed window properties
These changes ensure preview cookies are properly managed throughout their
lifecycle and support both same-site and cross-site scenarios (e.g., when
the backoffice is on a different domain/port during development).
Fixes#20981🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Track document ID for preview window to prevent reusing window across different documents
When navigating from one document to another in the backoffice, the preview window reference was being reused even though it was showing a different document. This meant clicking "Save and Preview" would just focus the existing window without updating it to show the new document.
Now we track which document the preview window is showing and only reuse the window if:
1. The window is still open
2. The window is showing the same document
This ensures each document gets its own preview session while still avoiding unnecessary full page reloads when repeatedly previewing the same document.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Remove updates to ICookieManager and use Cookies.Delete to remove cookie.
* Fix file not found on click to save and preview.
* Removed further currently unnecessary updates to the cookie manager interface and implementation.
* Fixed failing unit test.
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Add MemberType/MemberTypeContainer to supported EntityContainer object types
* Implement MemberTypeContainerRepository
* Update and add member type container API endpoints
* Complete server and client-side implementation for member type container support.
* Fix FE linting errors.
* Export folder constants.
* Applied suggestions from code review.
* Updated management API authorization tests for member types.
* Resolved breaking change on copy member type controller.
* Allow content types to be moved to own folder without error.
* Use flag providers for member type siblings endpoint.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
Handles rich text blocks created with TinyMCE in convert local links migration.
Refreshes internal datatype cache following migration requiring cache rebuild.
* configure max chars for textbox
* min 1
* Adds server-side check for text box min and max character validation.
* Applied suggestion from code review.
* Bumped version of test helper
* Fixed test that was creating a text string data type with too large a maximum characters setting.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
Co-authored-by: Nhu Dinh <hnd@umbraco.dk>
* Adding fix for self-referncing redirects for 17
* Using umbraco context on failing tests
* Tests to see if self referencing redirects gets deleted
* Refactoring and adding correct tests.
* Expanding tests for RedirectTrackerTests.cs
* Optimize by only retrieving th list of existing URLs for a content item if we have a valid route to create a redirect for.
* Extract method refactoring, added explanatory comment, fixed warnings and formatting.
* Resolved warnings in RedirectService.
* Minor naming and formatting refactor in tests.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Move access/refresh tokens to secure cookies (#20779)
* feat: adds the `credentials: include` header to all manual requests
* feat: adds `credentials: include` as a configurable option to xhr requests (and sets it by default to true)
* feat: configures the auto-generated fetch client from hey-api to include credentials by default
* Add OpenIddict handler to hide tokens from the back-office client
* Make back-office token redaction optional (default false)
* Clear back-office token cookies on logout
* Add configuration for backoffice cookie settings
* Make cookies forcefully secure + move cookie handler enabling to the BackOfficeTokenCookieSettings
* Use the "__Host-" prefix for cookie names
* docs: adds documentation on cookie settings
* build: sets up launch profile for vscode with new cookie recommended settings
* docs: adds extra note around SameSite settings
* docs: adds extra note around SameSite settings
* Respect sites that do not use HTTPS
* Explicitly invalidate potentially valid, old refresh tokens that should no longer be used
* Removed obsolete const
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Remove configuration option
* Invalidate all existing access tokens on upgrade
* docs: updates recommended settings for development
* build: removes non-existing variable
* Skip flaky test
* Bumped version of our test helpers to fix failing tests
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
* Exclude the relate parent on delete relation type from checks for related documents and media on delete, when disable delete with references is enabled.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Applied suggestions from code review.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* feat: adds the `credentials: include` header to all manual requests
* feat: adds `credentials: include` as a configurable option to xhr requests (and sets it by default to true)
* feat: configures the auto-generated fetch client from hey-api to include credentials by default
* Add OpenIddict handler to hide tokens from the back-office client
* Make back-office token redaction optional (default false)
* Clear back-office token cookies on logout
* Add configuration for backoffice cookie settings
* Make cookies forcefully secure + move cookie handler enabling to the BackOfficeTokenCookieSettings
* Use the "__Host-" prefix for cookie names
* docs: adds documentation on cookie settings
* build: sets up launch profile for vscode with new cookie recommended settings
* docs: adds extra note around SameSite settings
* docs: adds extra note around SameSite settings
* Respect sites that do not use HTTPS
* Explicitly invalidate potentially valid, old refresh tokens that should no longer be used
* Removed obsolete const
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Fix for partial view caches not being cleared when content is published/unpublished
* Update src/Umbraco.Core/Cache/Refreshers/Implement/ContentCacheRefresher.cs
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* Change logic for clearing partial view cache
* Changed logic to only clear partial cache when content is published/unpublished or trashed
---------
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* Add MemberType/MemberTypeContainer to supported EntityContainer object types
* Implement MemberTypeContainerRepository
* Prepare base controller for MemberTypeTreeControllerBase.
* Revert "Prepare base controller for MemberTypeTreeControllerBase."
This reverts commit ad213a23add5e511b1fba6580ca563156cd9c043.
* Added foldersOnly flag in readiness for support in 17.1.
* Added foldersOnly flag in readiness for support in 17.1 (2).
---------
Co-authored-by: Ronald Barendse <ronald@barend.se>
* Added integration tests for PropertyTypeUsageService and adjusted assert in management API permissions test.
* Commented or fixed management API integration tests verifying permissions where we were asserting on an error response.
* Add setter to allow handling of requests to subscribe to newsletter on install.
* Correct serialization of newsletter subscription request.
* Fix serialization and use the Umbraco.EmailMarketing service for newsletter signup.
* Remove logging of user when setting telemetry level.
* Applied suggestions from code review.
* Fix memory leak with IOptionsMonitor.OnChange and non-singleton registered components.
* Dispose disposable data editors in ValueEditorCache.
* Removed unnecessary refactoring and clarified code comments.
* Add MoveFile it IFileSystem and implement on file systems.
* Rename media file on move to recycle bin.
* Rename file on restore from recycle bin.
* Add configuration to enabled recycle bin media protection.
* Expose backoffice authentication as cookie for non-backoffice usage.
Protected requests for media in recycle bin.
* Display protected image when viewing image cropper in the backoffice media recycle bin.
* Code tidy and comments.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Introduced helper class to DRY up repeated code between image cropper and file upload notification handlers.
* Reverted client-side and management API updates.
* Moved update of path to media file in recycle bin with deleted suffix to the server.
* Separate integration tests for add and remove.
* Use interpolated strings.
* Renamed variable.
* Move EnableMediaRecycleBinProtection to ContentSettings.
* Tidied up comments.
* Added TODO for 18.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Added request cache to content and media lookups in mult URL picker.
* Allow property editors to cache referenced entities from block data.
* Update src/Umbraco.Infrastructure/PropertyEditors/MultiUrlPickerValueEditor.cs
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Add obsoletions.
* Minor spellcheck
* Ensure request cache is available before relying on it.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: kjac <kja@umbraco.dk>
* Added request cache to content and media lookups in mult URL picker.
* Allow property editors to cache referenced entities from block data.
* Update src/Umbraco.Infrastructure/PropertyEditors/MultiUrlPickerValueEditor.cs
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Add obsoletions.
* Minor spellcheck
* Ensure request cache is available before relying on it.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: kjac <kja@umbraco.dk>
* Added request cache to content and media lookups in mult URL picker.
* Allow property editors to cache referenced entities from block data.
* Update src/Umbraco.Infrastructure/PropertyEditors/MultiUrlPickerValueEditor.cs
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Add obsoletions.
* Minor spellcheck
* Ensure request cache is available before relying on it.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: kjac <kja@umbraco.dk>
* change property value to an object
* add const for picker data source type
* Add value editor and converter server-side
* register schema for property editor + move settings ui
---------
Co-authored-by: kjac <kja@umbraco.dk>
Co-authored-by: Niels Lyngsø <nsl@umbraco.dk>
* Trees: Restore backward compatibility for file system based tree controllers (closes#20602) (#20608)
* Restore backward compatibility for file system based tree controllers.
* Aligned obsoletion messages.
* Reverts nullability update on ConvertNotificationToRequestPayload.
* Add ID when updating background job
* Reduce default period to 5 seconds
* Apply suggestions from code review
Co-authored-by: Andy Butland <abutland73@gmail.com>
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
