From 013d2fd5eebb3a9044f4e7895de3e40df0de61ef Mon Sep 17 00:00:00 2001 From: Yohan Boniface Date: Wed, 27 Sep 2023 07:13:30 +0200 Subject: [PATCH] Always remove ?edit from URL, so users do not share it by mistake --- umap/static/umap/js/umap.js | 8 +++++--- umap/tests/integration/test_owned_map.py | 2 ++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/umap/static/umap/js/umap.js b/umap/static/umap/js/umap.js index a7a301bd..45648587 100644 --- a/umap/static/umap/js/umap.js +++ b/umap/static/umap/js/umap.js @@ -265,9 +265,11 @@ L.U.Map.include({ if (slug && this.features_index[slug]) this.features_index[slug].view() if (L.Util.queryString('edit')) { if (this.hasEditMode()) this.enableEdit() - // Sometimes users share the ?edit link by mistake, let's redirect - // to canonical in this case - else window.location = window.location.pathname + // Sometimes users share the ?edit link by mistake, let's remove + // this search parameter from URL to prevent this + const url = new URL(window.location) + url.searchParams.delete('edit') + history.pushState({}, '', url) } if (L.Util.queryString('download')) this.download() }) diff --git a/umap/tests/integration/test_owned_map.py b/umap/tests/integration/test_owned_map.py index 75becdcc..c22a7c3a 100644 --- a/umap/tests/integration/test_owned_map.py +++ b/umap/tests/integration/test_owned_map.py @@ -94,6 +94,8 @@ def test_owner_permissions_form(map, datalayer, live_server, login): ".datalayer-permissions select[name='edit_status'] option:checked" ) expect(option).to_have_text("Inherit") + # Should have been removed since page load + assert "edit" not in page.url def test_map_update_with_editor(map, live_server, login, user):