fix: avoid direct access to reviews list AJAX

[iparmentier]

Description (*)

Do not know wether it is intentional,
But you can access directly to the reviews list Ajax controller however all others controllers for Ajax URL has a conditional test in code.

Fixed Issues (if relevant)

Why not restrain this page to Ajax only

Manual testing scenarios

You can give it a try :
/review/product/listAjax/id/9999
=> Display the raw output in the browser.

(9999 = product if from store)

Questions or comments

Give me your think,

Ilan Parmentier

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
• All automated tests passed successfully (all builds are green)

Resolved issues:

1. resolves [Issue] Avoid direct access to reviews list Ajax #37920: Avoid direct access to reviews list Ajax

[m2-assistant]

Hi @mageho. Thank you for your contribution
Here are some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento give me test instance - deploy test instance based on PR changes
• @magento give me 2.4-develop instance - deploy vanilla Magento instance

❗ Automated tests can be triggered manually with an appropriate comment:

• @magento run all tests - run or re-run all required tests against the PR changes
• @magento run <test-build(s)> - run or re-run specific test build(s)
  For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names. Allowed build names are:

1. Database Compare
2. Functional Tests CE
3. Functional Tests EE,
4. Functional Tests B2B
5. Integration Tests
6. Magento Health Index
7. Sample Data Tests CE
8. Sample Data Tests EE
9. Sample Data Tests B2B
10. Static Tests
11. Unit Tests
12. WebAPI Tests
13. Semantic Version Checker

You can find more information about the builds here

ℹ️ Please run only needed test builds instead of all when developing. Please run all test builds before sending your PR for review.

For more details, please, review the Magento Contributor Guide documentation.

⚠️ According to the Magento Contribution requirements, all Pull Requests must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of Pull Requests happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket.

🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

[iparmentier]

@magento give me test instance

[magento-deployment-service]

Hi @mageho. Thank you for your request. I'm working on Magento instance for you.

[iparmentier]

@magento run all tests

[magento-automated-testing]

The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time.

[magento-deployment-service]

Hi @mageho, here is your Magento Instance: https://acd0f0eabc1b4ed373cab5920b6e8853.instances.magento-community.engineering
Admin access: https://acd0f0eabc1b4ed373cab5920b6e8853.instances.magento-community.engineering/admin_c8aa
Login: 406a3e8c
Password: c39c54401e4c

[bgorski]

@mageho thank you for your contribution! Indeed, this action can be accessed directly and if indexed by search engines, it may contribute to bad user experience. I had one change request though - please address it and I think we're good to go.

[iparmentier]

@bgorski Hello there, I did the modification by following your advice. We must be good to go. have a nice weekend.

[bgorski]

@mageho indeed we are - approving the PR. The next step is to wait for the core team to prioritize this and to perform manual testing.
Thank you for your contribution!

[bgorski]

@magento run all tests

[magento-automated-testing]

The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time.

[magento-engcom-team]

Hi @bgorski, thank you for the review.
ENGCOM-9191 has been created to process this Pull Request
✳️ @bgorski, could you please add one of the following labels to the Pull Request?

Label	Description
Auto-Tests: Covered	All changes in Pull Request is covered by auto-tests
Auto-Tests: Not Covered	Changes in Pull Request requires coverage by auto-tests
Auto-Tests: Not Required	Changes in Pull Request does not require coverage by auto-tests

[bgorski]

@magento run Unit Tests, Functional Tests CE, Functional Tests B2B

[engcom-Lima]

@magento run all tests

[magento-automated-testing]

The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.

[engcom-Lima]

@magento give me test instance

[magento-deployment-service]

Hi @engcom-Lima. Thank you for your request. I'm working on Magento instance for you.

[magento-deployment-service]

Hi @engcom-Lima, here is your Magento Instance: https://acd0f0eabc1b4ed373cab5920b6e8853.instances-prod.magento-community.engineering
Admin access: https://acd0f0eabc1b4ed373cab5920b6e8853.instances-prod.magento-community.engineering/admin_48e7
Login: b11bca4d
Password: 0d0a260d535b

[engcom-Lima]

✔️ QA Passed

Preconditions:

• Install fresh Magento 2.4-develop and PHP 8.1

Manual testing scenario:

• Add /review/product/listAjax/id/{productID} after the instance frontend URL and hit.

Before: ✖️ Showing the reviews list.

After: ✔️ Now no direct access to reviews list.

Builds are failed. Hence, moving this PR to Extended Testing.

[engcom-Lima]

@magento create issue

[engcom-Charlie]

@magento run all tests

[engcom-Charlie]

@magento run Functional Tests B2B, Functional Tests CE, Functional Tests EE, Static Tests

[engcom-Charlie]

@magento run all tests

[engcom-Charlie]

@magento run Functional Tests B2B, Unit Tests

[engcom-Charlie]

The functional B2B test failures are not consistent in recent 2 builds on same code. The failures are not part of PR or not failing because of PR changes, seems to be flaky. Hence moving it to Merge in Progress.

Run 1:
https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/33876/cb4b10365d4ff3f9dbced57c13e3de5c/Functional/allure-report-b2b/index.html#categories/e874bb47202994ea819dd7cbe4bd2bbb/889461fc9b54c415/

Run 2:
https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/33876/f7ec58b11a8b881a673ce380a6a97aef/Functional/console-error-logs.html