From ff89125c80b3b82903b28027c8b02dad207aa604 Mon Sep 17 00:00:00 2001
From: Yohan Boniface <yohanboniface@free.fr>
Date: Sat, 23 Sep 2023 20:48:45 +0200
Subject: [PATCH 1/2] Redirect to canonical URL when people share the ?edit
 link

---
 umap/static/umap/js/umap.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/umap/static/umap/js/umap.js b/umap/static/umap/js/umap.js
index f363ec88..a7a301bd 100644
--- a/umap/static/umap/js/umap.js
+++ b/umap/static/umap/js/umap.js
@@ -263,7 +263,12 @@ L.U.Map.include({
     this.onceDataLoaded(function () {
       const slug = L.Util.queryString('feature')
       if (slug && this.features_index[slug]) this.features_index[slug].view()
-      if (L.Util.queryString('edit')) this.enableEdit()
+      if (L.Util.queryString('edit')) {
+        if (this.hasEditMode()) this.enableEdit()
+        // Sometimes users share the ?edit link by mistake, let's redirect
+        // to canonical in this case
+        else window.location = window.location.pathname
+      }
       if (L.Util.queryString('download')) this.download()
     })
 

From 013d2fd5eebb3a9044f4e7895de3e40df0de61ef Mon Sep 17 00:00:00 2001
From: Yohan Boniface <yohanboniface@free.fr>
Date: Wed, 27 Sep 2023 07:13:30 +0200
Subject: [PATCH 2/2] Always remove ?edit from URL, so users do not share it by
 mistake

---
 umap/static/umap/js/umap.js              | 8 +++++---
 umap/tests/integration/test_owned_map.py | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/umap/static/umap/js/umap.js b/umap/static/umap/js/umap.js
index a7a301bd..45648587 100644
--- a/umap/static/umap/js/umap.js
+++ b/umap/static/umap/js/umap.js
@@ -265,9 +265,11 @@ L.U.Map.include({
       if (slug && this.features_index[slug]) this.features_index[slug].view()
       if (L.Util.queryString('edit')) {
         if (this.hasEditMode()) this.enableEdit()
-        // Sometimes users share the ?edit link by mistake, let's redirect
-        // to canonical in this case
-        else window.location = window.location.pathname
+        // Sometimes users share the ?edit link by mistake, let's remove
+        // this search parameter from URL to prevent this
+        const url = new URL(window.location)
+        url.searchParams.delete('edit')
+        history.pushState({}, '', url)
       }
       if (L.Util.queryString('download')) this.download()
     })
diff --git a/umap/tests/integration/test_owned_map.py b/umap/tests/integration/test_owned_map.py
index 75becdcc..c22a7c3a 100644
--- a/umap/tests/integration/test_owned_map.py
+++ b/umap/tests/integration/test_owned_map.py
@@ -94,6 +94,8 @@ def test_owner_permissions_form(map, datalayer, live_server, login):
         ".datalayer-permissions select[name='edit_status'] option:checked"
     )
     expect(option).to_have_text("Inherit")
+    # Should have been removed since page load
+    assert "edit" not in page.url
 
 
 def test_map_update_with_editor(map, live_server, login, user):