Safari appears to ignore load permission

Hi

I’ve got resources that anonymous users are not allowed to “view”.

However, I want them to see the (long)title of the protected resources (in gray rather than in black) in the file list. And when they click on the link, they should be sent to the unauthorized_page. Therefore, I gave them the “load only” permission for these protected files.

I created a resource/user group and acls to make everything work as expected.

The first lines of the snippet that checks the view permission of the resources are:

$resourceID = $modx->getOption('id', $scriptProperties);
$resource = $modx->getObject('modResource', $resourceID);

Strangely enough, Safari cannot set the $resource variable - while Chrome and Firefox work as expected.

if (!isset($resource))  {
    $modx->log(modX::LOG_LEVEL_ERROR, '[checkPermission] $resource variable not set');
    return;
}

If I test the file listing in Safari I get messages in the error log. If I do the same in Chrome/Firefox everything works as expected.

Why is that? How do I make Safari work as intended?

Thanks for your help

Ludo

It seems unlikely that the browser would affect MODX’s security logic. Is it possible that the Safari cache is the issue?

Are you logged in in chrome/Firefox by chance?

ACLs are already applied in xPDO, so the getObject might already reject the resource if it doesn’t have permission.

Hi Bob

That’s exactly what I thought: it’s about the server/backend, not the frontend.

I emptied the cache more than once. To no avail.

But then I tried Safari on another computer. And there the code worked as expected.

Both Safaris are up to date (on the Apple that is causing trouble it’s 12.1.2 - on the other it’s 12.1).

So the question now seems to be: how do I effectively empty the cache on Safari? Which is, of course, not a question for this forum.

Thanks for helping me out.

Ludo

Hi Mark

A very good question, but I’ve been there before . I made sure to check that.

Thanks for your help

Ludo