diff --git a/api/src/org/labkey/api/action/PermissionCheckableAction.java b/api/src/org/labkey/api/action/PermissionCheckableAction.java index 5f0d67aac48..59286f46571 100644 --- a/api/src/org/labkey/api/action/PermissionCheckableAction.java +++ b/api/src/org/labkey/api/action/PermissionCheckableAction.java @@ -174,9 +174,12 @@ private void _checkActionPermissions(Set contextualRoles) throws Unauthori } boolean requiresLogin = actionClass.isAnnotationPresent(RequiresLogin.class); - if (requiresLogin && user.isGuest()) + if (requiresLogin) { - throw new UnauthorizedException(); + if (user.isGuest()) + throw new UnauthorizedException(); + if (this instanceof BaseViewAction viewaction) + viewaction.getPageConfig().setNoIndex(); } // User must have ALL permissions in this set diff --git a/api/src/org/labkey/api/view/template/PageConfig.java b/api/src/org/labkey/api/view/template/PageConfig.java index 5b7c808b754..87b110d96db 100644 --- a/api/src/org/labkey/api/view/template/PageConfig.java +++ b/api/src/org/labkey/api/view/template/PageConfig.java @@ -62,6 +62,7 @@ import static java.util.Objects.requireNonNullElse; import static org.apache.commons.lang3.StringUtils.isNotBlank; import static org.apache.commons.lang3.StringUtils.isNotEmpty; +import static org.labkey.api.data.DataRegion.CONTAINER_FILTER_NAME; import static org.labkey.api.util.PageFlowUtil.jsString; import static org.labkey.api.view.template.WarningService.SESSION_WARNINGS_BANNER_KEY; @@ -401,7 +402,7 @@ public void setCanonicalLink(String link) } - String[] ignoreParameters = new String[] {"_dc", "_template", "_print", "_debug", "_docid", DataRegion.LAST_FILTER_PARAM}; + static final Set ignoreParameters = Set.of("_dc", "_template", "_print", "_debug", "_docid", DataRegion.LAST_FILTER_PARAM); @Nullable private String getCanonicalLink(URLHelper current) @@ -410,17 +411,29 @@ private String getCanonicalLink(URLHelper current) return _canonicalLink; if (null == current) return null; - URLHelper u = null; - if (current instanceof ActionURL && !((ActionURL)current).isCanonical()) - u = current.clone(); - for (String p : ignoreParameters) + return makeCanonicalLink(current); + } + + + private static String makeCanonicalLink(URLHelper current) + { + var params = current.getParameters(); + URLHelper u = current.clone().deleteParameters(); + + for (var pair : params) { - if (null != current.getParameter(p)) - u = (null==u ? current.clone() : u).deleteParameter(p); + if (ignoreParameters.contains(pair.getKey())) + continue; + // Strip container filters from the URL to prevent crawlers from over-indexing a URL with different parameter values + if (pair.getKey().endsWith(CONTAINER_FILTER_NAME)) + + continue; + u.addParameter(pair.getKey(), pair.getValue()); } - return null == u ? null : u.getURIString(); + return u.getURIString(); } + public HtmlString getPreloadTags() { final List fonts = List.of( diff --git a/core/src/org/labkey/core/admin/AdminController.java b/core/src/org/labkey/core/admin/AdminController.java index e47d972f1b0..4cebf24622f 100644 --- a/core/src/org/labkey/core/admin/AdminController.java +++ b/core/src/org/labkey/core/admin/AdminController.java @@ -186,6 +186,7 @@ import org.springframework.web.servlet.mvc.Controller; import javax.mail.MessagingException; +import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.awt.*; @@ -290,6 +291,16 @@ public class AdminController extends SpringActionController private static long _errorMark = 0; private static long _primaryLogMark = 0; + + @Override + protected void beforeAction(Controller action) throws ServletException + { + super.beforeAction(action); + if (action instanceof BaseViewAction viewaction) + viewaction.getPageConfig().setNoIndex(); + } + + public static void registerAdminConsoleLinks() { Container root = ContainerManager.getRoot();