Bug: Exception When Navigating to a Sitecore Page in Page Editor Editing Mode While Logged Out
It seemed as the bug spree was over with, but in my case the third time was not a charm. This next bug was found in Sitecore 7.2 rev 140526 and it is a very interesting one; although it is not a “show stopper”, it can potentially expose some information about your website, and, if you follow the Sitecore best practices and make extensive use of Edit Frames in your components, this issue can drive Content Editors bananas, if not fixed or properly handled.
It took me a while to discover the bug, as most of the time, as a developer I work logged into Sitecore nine times out of 10 as an admin. I have always been a huge proponent of Edit Frames, in fact it is impossible to make a complex website fully support Page Editor without them. Take a look at the Best Practices on using Edit Frames in your solution.
Sitecore Throws an Exception on a Page With Edit Frames While Logged Out
Recently I found the following Sitecore Developer Chrome browser plugin that I find saves me some typing by having a few shortcuts, one of them being Edit Mode. What that feature does is simply append the sc_mode querystring to the current URL with the value set to edit (i.e. sc_mode=edit). Check out some of the other Sitecore querystring shortcuts. Last week I left one of my Sitecore pages open in Page Editor and went to get a quick bite to eat. After getting back I made some changes to one of the components on that page and refreshed the browser. Since I was gone for longer than the session timeout value, the CMS logged me out in the meantime. Unfortunately, upon the page refresh, instead of being redirected to the login, I was given the following exception:
buttonRoot isn't set for edit frame Description: An unhandled exception occurred. Exception Details: System.InvalidOperationException: buttonRoot isn't set for edit frame Source Error: Line 1: @inherits Glass.Mapper.Sc.Web.Mvc.GlassView<ILink> Line 2: @using (BeginEditFrame("/sitecore/content/Applications/WebEdit/Edit Frame Buttons/Path/To/Buttons", Model.Path)) Line 3: { Line 4: @RenderLink(x => x.GenericLink, isEditable: false) Source File: c:\inetpub\wwwroot\sitecore\website\path\to\view.cshtml Line: 2 Stack Trace: [InvalidOperationException: buttonRoot isn't set for edit frame] Sitecore.Diagnostics.Assert.IsNotNull(Object value, String message) +55 Sitecore.Pipelines.GetChromeData.GetEditFrameChromeData.Process(GetChromeDataArgs args) +487 (Object , Object[] ) +83 Sitecore.Pipelines.CorePipeline.Run(PipelineArgs args) +365 Sitecore.Pipelines.GetChromeData.GetChromeDataPipeline.Run(GetChromeDataArgs args) +312 Sitecore.Web.UI.WebControls.EditFrame.InitializeFromPipeline() +211 Sitecore.Web.UI.WebControls.EditFrame.ExpandParameters() +1260 Sitecore.Web.UI.WebControls.EditFrame.RenderFirstPart(HtmlTextWriter output) +58 Glass.Mapper.Sc.Web.Ui.GlassEditFrame.RenderFirstPart() +72 Glass.Mapper.Sc.Web.Mvc.GlassView`1.BeginEditFrame(String buttons, String dataSource) +119 ASP._Page_component_that_has_an_edit_frame_cshtml.Execute() in c:\inetpub\wwwroot\sitecore\website\path\to\view.cshtml:2 System.Web.WebPages.WebPageBase.ExecutePageHierarchy() +280 System.Web.Mvc.WebViewPage.ExecutePageHierarchy() +125 System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext pageContext, TextWriter writer, WebPageRenderingBase startPage) +110 System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context) +380 System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) +109 System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) +890 System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) +890 System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult) +97 System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +879 nbsp;
As you can see this solution was built using MVC with Sitecore Glass Mapper which has become a cornerstone of my Sitecore solutions. The exception also exposes your paths and naming conventions, which can serve as tools to a knowledgeable hacker, which is why it’s important to make sure to set custom errors to RemoteOnly or On in web.config.
Usually at this point a knee-jerk reaction would have been to go into the Core database and make sure that the Edit Frame buttons have been created in the referenced location. I knew they were, because I had just created them, but just as a sanity I made sure I didn’t mess up the path – I did not.
My second troubleshooting step was to remove the component referenced in the exception, which removed the error. After some more testing, I was able to isolate the problem to components with Edit Frames. What I also noticed was that once I logged into Sitecore to check the buttons in the Core database, I could no longer reproduce the issue.
The exception is thrown when users try to navigate to a web page in the Editing mode of the Page Editor while not being logged into Sitecore. Real world scenarios may include refreshing the page in the Editing mode after being logged out, or switching to the Editing mode using a sc_mode=edit querystring. It seems as something is throwing off the redirect to the login and Sitecore tries using using the extranet\anonymous user to access the button root item and gets a null in return as this user does not have proper permissions to read it (remember, you have to be logged in to Sitecore and have proper authoring permissions to be able to edit).
How to Fix The Bug with Sitecore Throwing Exceptions in Page Editor While Logged Out
Once the issue was identified and the source – isolated, I contacted the Sitecore Support. They were very quick with a response, stating that they were able to reproduce the issue and were working on a workaround. Within 24 hours they got back with a path. For your convenience, I have created an archive of the Edit Frame Exception in Page Editor Fix archive that can be extracted directly into the Website root folder of your Sitecore instance.
After installing the patch, users will be properly redirected to the login page instead of seeing a nasty exception. Voila!
Hopefully, this post will save many hours of frustration or days of troubleshooting to others, so please share this article, as many developers will thank you. Also remember to comment on this article, especially if you were affected by the same bug and this fix worked for you; please mention the version and revision of Sitecore you experienced the same problem on. Finally, give back by blogging, tweeting, and posting on Sitecore forums about any bugs and fixes you find yourself!
Suman Pandey
April 10, 2016 at 10:37 amThanks for reply Vasiliy!
I have downloaded Edit Frame Exception in Page Editor Fix archive which is zip file. May i know how to installing the patch in my application?
How it will sync with my application?
Thanks,
Suman Pandey
Vasiliy Fomichev
March 10, 2016 at 8:10 pmHi @disqus_Ooi0G6n1HL:disqus, feel free to reuse the fix in the archive as is 🙂
Suman Pandey
February 26, 2016 at 10:33 pmThanks for Article!
I have a question.Can i use same (Edit Frame Exception in Page Editor Fix ) files in my sitecore application OR i have to contact sitecore support for my issue?
I don’t know whether it is common for all application or not.
Thanks,
Suman
Vasiliy Fomichev
September 24, 2014 at 9:51 amHi Pascal, I am glad this article was of help! The ticket number was 420877. Cheers!
Pascal Mathys
September 23, 2014 at 11:44 pmThanks 1000 times! We had exactly the same issue. The error message itself was in our Sitecore solutions since Sitecore 6.4 with different root causes (According to Sitecore Support). I tought that this problem is one of them. But now it’s fixed.