Redirect Tracker: Prevent creation of redirects from unrouteable URLs (closes #22652, #22256)

[AndyButland]

Description

When a content node was previewed before being published, publishing it (or, in some cases, publishing a different never-published node afterwards) created an unwanted entry in the URL Tracker (Redirect URL Management) pointing at the newly-published URL.

Two distinct manifestations have been observed (the first I can replicate, the second I haven't been able to):

1. Redirect from # — preview the node, close the preview tab without clicking exit preview (leaves the preview cookie active), then publish. The published URL provider resolves the draft to "#" (Constants.Routing.Unroutable), which was being stored as the "old route" and registered as a bogus # → /real-url redirect.
2. Redirect from the parent's URL — once the preview cookie is active for any prior page, every subsequent first-time publish in that backoffice session can create a redirect from the parent node's URL to the new child's URL. Reproduction: preview any page, then create a sibling/child, save it, then save & publish — observe the redirect appearing from the parent. Reported in #22256 (comment).

Root cause

Both paths share the same underlying issue: with the preview cookie active, IPublishedUrlProvider.GetUrl() resolves URLs via IDocumentUrlService.GetLegacyRouteFormat(..., isDraft: true). For never-published content, GetLegacyRouteFormat walks ancestors-or-self and either:

• returns "#" (when no segment can be resolved), or
• returns a partial route assembled from the published ancestors only (when the never-published draft itself isn't yet in the navigation tree) — i.e. the parent's URL.

RedirectTracker.StoreOldRoute would capture whatever the URL provider returned, but if the content had never been published, there's nothing to redirect from, so no route should be captured.

Fix

Two changes in RedirectTracker:

1. IsValidRoute rejects unroutable indicators. It now returns false for routes starting with Constants.Routing.Unroutable ("#").

2. New HasPublishedUrlSegment gate in StoreOldRoute. Before storing a captured route, verify the content actually has a published URL segment in IDocumentUrlService for the given culture. If GetUrlSegment(key, culture, isDraft: false) returns null, the content has never been published — there is no "old URL", so no route is stored.

Resolves #22652 and #22256.

Testing

Automated

Two new integration tests in RedirectTrackerTests:

• Does_Not_Create_Redirect_For_Unroutable_Old_Route — covers the # and #ex cases at the CreateRedirects boundary.
• Does_Not_Store_Old_Route_For_Never_Published_Content_When_Url_Resolves_To_Ancestor — covers the parent-URL leakage at the StoreOldRoute boundary, with the URL provider mocked to return a parent-style URL and IDocumentUrlService.GetUrlSegment(..., isDraft: false) returning null.

A few existing tests were updated to set CurrentPublishedSegment so they accurately represent already-published content (matching the new gate's expectation).

dotnet test tests/Umbraco.Tests.Integration --filter "FullyQualifiedName~RedirectTrackerTests"

Manual

Scenario 1 — preview-then-publish (originally reported in #22652):

1. Create a new content node and click Save and preview.
2. Close the preview browser tab — do not use the exit preview button (this leaves the preview cookie in place).
3. Publish the content.
4. Repeat steps 1–3 for a child node beneath the first.
5. Open Settings → Redirect URL Management.

Before the fix: at least one entry redirecting from # to the newly-published URL.
After the fix: no entries are listed.

Scenario 2 — sibling created after a stale preview cookie (reported in #22256 (comment)):

1. Click Save and preview on any page; close the preview tab without clicking exit preview.
2. Create a new node under an already-published parent.
3. Save the node.
4. Save and publish the node.
5. Open Settings → Redirect URL Management.

Before the fix: an entry redirecting from the parent's URL to the newly-published URL.
After the fix: no entries are listed.

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[Copilot]

Pull request overview

Prevents Redirect URL Management from recording redirects originating from unroutable URL provider sentinels when content has no published URL (e.g., after previewing unpublished content and then publishing).

Changes:

• Tightens RedirectTracker.IsValidRoute to reject Constants.Routing.Unroutable ("#").
• Adds an additional IsValidRoute(oldRoute) guard in RedirectTracker.CreateRedirects before registering redirects.
• Adds an integration test ensuring no redirects are created when the stored old route is Constants.Routing.Unroutable.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
src/Umbraco.Infrastructure/Routing/RedirectTracker.cs	Filters out unroutable sentinel routes and adds defense-in-depth validation before registering redirects.
tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Routing/RedirectTrackerTests.cs	Adds coverage to ensure unroutable old routes don’t create redirect entries.

[Zeegaan]

Looks and tests good 🚀

[bjarnef]

@AndyButland is it possible to include this in v17.4.0 as this is a critical issue. Content editors often use "Save & preview" and don't understand why these automatic redirects are created.
In some cases the content editor may not have access to redirects dashboard to delete these created redirects.

[Zeegaan]

@bjarnef good input, it was probably more critical than I initially realized, sorry about that! I've cherry picked this and it will go in 17.4.0-rc2, which we're aiming to release sometime next week (hopefully monday, but lets see) 😁

[Myster]

@Zeegaan and @bjarnef Thanks for bumping this to 17.4 we have several v13 to v17 upgrade projects that are blocked by this issue. #H5YR