navigation – The “is-active” class is added to the main-menu links only when the site is accessed by an anonymous user

I use this simple template (menu–main.html.twig) to render the main menu I created.

<ul>
    {% for item in items %}
    <li>
        {{ link(item.title, item.url) }}
        {% if item.below is not empty %}
            <div class='submenu'>
                {% for subitem in item.below %}
                    {{ link(subitem.title, subitem.url) }}
                {% endfor %}
            </div>
        {% endif %}
    </li>
    {% endfor %}
</ul>

Drupal is nice enough to add an is-active class to the currently active link, which is good and worked fine for a bit.

Recently, it stopped working properly and I have no idea why. Currently it is only applying an is-active class to the menu links when I am not logged in. When I log in, there is only a menu link that gets that class applied to it when active.

The menu links are identical, apart title and destination on the Edit Menu Link menu, so I’m very confused.

Can anybody offer suggestions for things to try to help solve this problem?

Anonymous cloud hosting in Europe (Riga, Latvia). 100% confidential.


We are a web hosting company running our own private datacenter located in Europe (Latvia). We offer quality cloud hosting from as low as $1.99/mo.

All we do: domain registration, web hosting, SSL certs etc. is 100% confidential.

Personal 1GB disk space, 1GBit port, 1 domain, unmetered bandwidth, cPanel, Softaculous @$1.99/mo. Click here to Order Now!

Business 5GB disk space, 1GBit port, 3 domains, unmetered bandwidth, cPanel, Softaculous @$3.99/mo. Click here to Order Now!

Professional 20GB disk space, 1GBit port, unlimited domains, unmetered bandwidth, cPanel, Softaculous @$6.99/mo. Click here to Order Now!

Please visit our website: https://serveria.com or PM me for a personalized quotation.

authentication – Strategies for segregating anonymous and secure access to APIs

Traditionally, we used either path-based access control or a separate DNS for public and private content segregation. In the modern era of standard-based auth, what are the best auth strategies for segregating anonymous and secure access to APIs?

  1. If OAuth 2 is used to auth APIs (exposed via a single DNS), how can APIs that do not require authentication be effectively separated?
  2. How would authorization work between anonymous and secure queries in the case of a GraphQL API?

Custom block is still caching for anonymous users despite getCacheMaxAge() being set to 0 and can’t figure out why

I have a custom Drupal 8 block with class with build() and getCacheMaxAge() functions. getCacheMaxAge() is set to 0 but it is still being cached for anonymous users.

If I put debug code in the build() function I can see it being called when I’m logged in but not for anonymous users.

My code is below. We do have Memcached installed. Would that be causing the issue?

The only other caching modules are core.

<?php
class HeaderPhone extends BlockBase {
  /**
   * {@inheritdoc}
   */
  public function build() {

    $info = geo_location_blocks_get_region();
    $region = $info('region');
    $tid = $info('tid');

    return array(
        '#theme' => 'geo_location_header_phone',
        '#region' => $region,
        '#view' => views_embed_view('locations', 'block_3', $tid),
      
    );
  }

  /**
   * @return int
  */
  public function getCacheMaxAge() {
    return 0;
  }
}?>

  

      <?php
        class HeaderPhone extends BlockBase {
          /**
           * {@inheritdoc}
           */
          public function build() {
            Drupal::logger('HeaderPhone')->notice('1');
            $info = geo_location_blocks_get_region();
            $region = $info('region');
            $tid = $info('tid');
        
            return array(
                '#theme' => 'geo_location_header_phone',
                '#region' => $region,
                '#view' => views_embed_view('locations', 'block_3', $tid),
            );
          }
        
          /**
           * @return int
          */
          public function getCacheMaxAge() {
            return 0;
          }
        }
        ?>

7 – Downloading xlsm is disabled for anonymous user: What function is responsible for this access control?

We have a D7.8 site with Panopoly 7.x-1.81. No access control modules.

A standard filefield is used for uploads and functions perfectly for the usual set of mime types.

We recently extended the list of allowable extensions in the field definition to include .xlsm

Our xlsm files are code-signed and certified by a Microsoft-approved cert provider.

We can upload the xlsm files no problem, and logged-in users can see the download link.

**However, anonymous users do not see the download link.

We are not sure what function could be deciding to block display of this filetype.**

Can anyone suggest possible avenues for investigation?

how do you guys do domain names and hosting to stay anonymous

looking at starting my own site but the privacy issue has me a little worried.

does everyone use njalla for domain names these days?

what about hosting?

Drupal 8 Webform: Let anonymous user download pdf off his own webform submission

I have configured entity_print with webform for D8 and can download a submission as pdf from the submission view.
Now I tried to let anonymous users fill out a form and added a link to the pdf on the confirmation page. I checked the show own submissions for guests on the permission page of that webform.
But when I try to access the pdf with the submited data I get a permission denied message.
http://mywebsite/print/pdf/webform_submission/15?view_mode=html seems not to do the trick.

The use case just is: Display a confirmation page with the submitted values to the user and let the user download it as pdf.
Any hints on that?

Anonymous access to search brings down the Solr sever

My Drupal website uses Search API for Solr integration.
The search API and apache solr is used as backend search for the site.
I am facing a problem with respect to the usage of a search feature for anonymous users.
When I allow and give access to anonymous users to use the search functionality of solr on Drupal, then after few days the Solr server goes down and I have to to restart it to resume the search functionality on site. However, if I restrict the usage of search to users with an account/ verified users, then the server remains stable.

I think spammers are firing queries and bringing down the Solr server when it’s open to anonymous users.

I tried using Honeypot, but it didn’t help.

How can I resolve this issue?

Anonymous access to search brings down the Solr sever

My Drupal website uses Search API for Solr integration.
The search API and apache solr is used as backend search for the site.
I am facing a problem with respect to the usage of a search feature for anonymous users.
When I allow and give access to anonymous users to use the search functionality of solr on Drupal, then after few days the Solr server goes down and I have to to restart it to resume the search functionality on site. However, if I restrict the usage of search to users with an account/ verified users, then the server remains stable.

I think spammers are firing queries and bringing down the Solr server when it’s open to anonymous users.

I tried using Honeypot, but it didn’t help.

How can I resolve this issue?

Anonymous access to search brings down the Solr sever

My Drupal website uses Search API for Solr integration.
The search API and apache solr is used as backend search for the site.
I am facing a problem with respect to the usage of a search feature for anonymous users.
When I allow and give access to anonymous users to use the search functionality of solr on Drupal, then after few days the Solr server goes down and I have to to restart it to resume the search functionality on site. However, if I restrict the usage of search to users with an account/ verified users, then the server remains stable.

I think spammers are firing queries and bringing down the Solr server when it’s open to anonymous users.

I tried using Honeypot, but it didn’t help.

How can I resolve this issue?